__group__ ticket summary owner component _version priority severity milestone type _status workflow _created modified _description _reporter
Tickets Awaiting Review 12939 Counterpart to content_save_pre hook not called when getting post content via API josephscott XML-RPC 2.9.2 normal normal Awaiting Review defect (bug) reopened dev-feedback 2010-04-09T13:53:57Z 2016-10-23T10:17:56Z "When a post is submitted either through the web editor interface or from an API call to newPost or editPost, the content of the post is inevitably passed through the content_save_pre filter.
And when a post is opened for editing in the web editor, the content is passed through filters such as the_editor_content and content_edit_pre.
However, when a post is fetched for editing via XMLRPC API calls such as getPost or getRecentPosts, the content_edit_pre filter is never reached.
This leads to a situation where whatever massaging of the content that a plugin may peform on the way into the database is not reversed on the way back out, for clients of the API. A concrete example of this problem is with the popular Syntax Highlighter Evolved:
http://www.viper007bond.com/wordpress-plugins/syntaxhighlighter/
This plugin performs encoding of the post content before it is stored in the database, and it counts on being able to decode that content by adding filters to hooks such as the_editor_content. However, none of these filters are reached via the API, leading to ""corrupted content"" when users try to edit posts from API clients such as the iPhone WordPress app, or my desktop editor, MarsEdit.
(My previous bug report #10802 exhibits the same symptoms of this bug, but this is a different cause).
In summary:
1. WordPress needs to establish a clear, baseline hooks for massaging content before it is saved to the database, and for un-massaging the content on the way out of the database. Currently there seems to be uncertainty about which hooks need to be overridden and under what circumstances. It seems to me that content_save_pre and content_edit_pre are probably good candidates for this.
2. Whatever hooks are established as the guarantees need to be applied once and only once in both the web-based editing scenario, and in the API editing scenario.
I think that having a well documented pair of hooks for this purpose that works identically in the web editing and API editing cases will do a lot to ensure correct behavior when plugins are installed that massage content, and will make it easy for plugin developers to ""do the right thing"" without relying on hooks that are specific only to the web editor, or to the API.
" redsweater
Tickets Awaiting Review 33940 Double spaces in term names can cause problems boonebgorges XML-RPC normal normal Awaiting Review defect (bug) assigned 2015-09-20T22:56:04Z 2017-12-03T16:30:16Z "Create a tag called 'test term'.
Use XML-RPC to create a post with a tag of:
{{{
test term
}}}
(two spaces). You'll get an error thrown, with the post not created:
{{{
A term with the name already exists in this taxonomy
}}}
This appears to be due to the `_insert_post` function in XML-RPC using `get_term_by( 'name', $term_name, $taxonomy );`, which is returning false - thus it tries to create the term as new, and fails.
Most other aspects of WP seem to filter the term name to strip double spaces first - is that what is necessary here? Or could the issue affect more than just XML-RPC?" smerriman
Tickets Awaiting Review 38300 Got a PHP warning: class-wp-xmlrpc-server.php L596: array_unshift() ... XML-RPC 4.6.1 normal normal Awaiting Review defect (bug) reopened 2016-10-13T06:46:16Z 2017-02-06T03:13:45Z "Sometimes the php_error.log file got a warning:
{{{
PHP Warning: array_unshift() expects parameter 1 to be array, null given in /wp-includes/class-wp-xmlrpc-server.php on line 596
}}}
{{{#!php
blogger_getUsersBlogs( $args );
}
...
}
}}}
The $args is NULL, it doesn't matter?" kmvan
Tickets Awaiting Review 34165 Incorrect file param in wp_handle_upload in class-wp-xmlrpc.php XML-RPC 4.3 normal normal Awaiting Review defect (bug) new 2015-10-06T08:27:44Z 2015-12-16T07:22:59Z "Hello,
I am using the plugin imsanity which uses the wp_handle_upload hook to resize the upload.
This doesn't work when uploading via xml-rpc.
After digging deeper into this I found that the ""file"" param that is passed into this hook is inconsistent and changes depending on where this hook is triggered from. When uploading through the web interface the full file path is included in this param. When uploading via xml-rpc only the filename is given. When I modified class-wp-xmlrpc to be consistent with the web interface the plugin works.
Thanks
Michael" OceanicSurfer
Tickets Awaiting Review 23017 Support for fatal errors on XML-RPC XML-RPC 3.5 normal normal Awaiting Review defect (bug) new dev-feedback 2012-12-20T11:24:27Z 2015-09-02T00:46:56Z "Similar to #16748, when a fatal error occurs, PHP will output some HTML code which at best is confusing for XML-RPC clients.
Using the `shutdown` action, we could die more gracefully and return a XML-RPC formatted error" koke
Tickets Awaiting Review 40863 WP 4.7.5 XMLRPC new method for parsing arguments omits menu_order XML-RPC 4.7.5 normal normal Awaiting Review defect (bug) reopened 2017-05-25T15:35:22Z 2017-08-04T16:43:29Z "In WP 4.7.5, in wp-includes/class-wp-xmlrpc-server.php, on line 1327, this line:
{{{
$post_data = wp_parse_args( $content_struct, $defaults );
}}}
was changed to:
{{{
$post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults );
}}}
Unfortunately, the new intersection strips out any arguments from $content_struct that don't exist in $defaults.
So you can no longer edit a post and change the ""menu_order"" field, because it doesn't exist in the $defaults declared just before this line.
Please provide either an updated list of acceptable defaults (e.g. including menu fields), or allow for additional fields to pass through to wp_parse_args.
Tested with latest version of WP, and confirmed that swapping the changed line above enables/disables the ability to change menu_order in posts.
" bjminihan
Tickets Awaiting Review 42995 Wordpress XML-RPC editComment return error 500 changing date_created_gmt XML-RPC 4.9.1 normal normal Awaiting Review defect (bug) new 2017-12-28T19:01:25Z 2017-12-30T22:01:26Z "Grettings,
This:
// Do some timestamp voodoo
if (!empty($content_struct['date_created_gmt'])) {
// We know this is supposed to be GMT, so we're going to slap that Z on there by force
$dateCreated = rtrim($content_struct['date_created_gmt']->getIso(), 'Z') . 'Z';
$comment_date = get_date_from_gmt(iso8601_to_datetime($dateCreated));
$comment_date_gmt = iso8601_to_datetime($dateCreated, 'GMT');
}
[Thu Dec 28 15:52:34.123148 2017] [php7:notice] [pid 5507] [client 127.0.0.1:39464] PHP Fatal error: Uncaught Error: Call to a member function getIso() on string in wp-includes/class-wp-xmlrpc-server.php:3533
" fpilee
Tickets Awaiting Review 25037 XML-RPC : Can't remove all the categories from a post by using metaWeblog.editPost XML-RPC 3.6 normal normal Awaiting Review defect (bug) assigned 2013-08-14T17:41:00Z 2015-09-25T14:06:34Z "Seems that you can't remove all the categories from a post by calling mw_editPost.
I tried both passing an empty array, or skipping the entry 'categories', in the content struct, but none of them worked. The post still has the previous categories attached to it." daniloercoli
Tickets Awaiting Review 32126 XML-RPC stopped working with 4.2 in a cross-domain scenario XML-RPC 4.2 normal normal Awaiting Review defect (bug) new 2015-04-24T19:15:36Z 2015-06-29T03:04:54Z "Bug fix #20986 in wp-includes/class-IXR.php unconditionally returns status 405 to all request methods except POST. Additionally, an invalid Allow: header is returned.
But OPTIONS is a perfectly valid preflight request sent by XML-RPC clients, especially in a cross-domain scenario, to determine if a subsequent request (like POST) will be allowed - or if a cross-domain request will be allowed.
Unconditionally returning 405 prevents those clients from subsequently sending their POST request. This broke my XML-RPC client, which previously worked in 4.1.3.
Proposed fix: respond correctly to an OPTIONS request, by examining (any) Access-Control-Request-Methods: header for PUT, and returning an Access-Control-Allowed-Methods: header containing PUT with status 200.
Request for enhancement: fully support CORS by adding an admin dialog which defines what hosts (or none, or all) will be accepted for cross-domain requests, and return the appropriate Access-Control-Allow-Origin: header." flymike
Tickets Awaiting Review 38622 XML-RPC wp_newComment should return an error when a field exceeds the maximum length XML-RPC 4.5 normal normal Awaiting Review defect (bug) new 2016-11-02T16:09:56Z 2016-11-02T16:10:14Z "We return a `WP_Error` in `wp_handle_comment_submission()` when the comment content, author name, author email, or author url exceeds the maximum length of its respective database column. See #10377.
We should do the same in the XML-RPC `wp_newComment()` method." rachelbaker
Tickets Awaiting Review 21292 XML-RPC: wp_upload_bits should act like wp_handle_upload XML-RPC 3.0 normal normal Awaiting Review defect (bug) assigned has-patch 2012-07-17T07:01:23Z 2015-09-26T20:31:58Z "At this moment there isn't a check for file size when uploading an image through the XML-RPC. The reason is that the method wp_upload_bits is used. This only checks it does is if the file size is to big for a network installation.
The function check_upload_size() is something what you want except that it will use wp_die() if there is an error like this. The function is used as a filter: wp_handle_upload_prefilter. Which only get applied in the function wp_handle_upload.
We should probably change check_upload_size() a bit so it doesn't use wp_die() but does it somewhere else.
related: #6559 and #21085" markoheijnen
Tickets Awaiting Review 25016 "XMLRPC method ""wp.getUsers"" not working correctly in Multisite" XML-RPC 3.5 normal normal Awaiting Review defect (bug) assigned 2013-08-12T18:53:13Z 2015-09-25T14:07:11Z "Hi,
I have been testing some functionality in our app which uses XMLRPC, and it appears that I've found a bug with how the ""wp.getUsers"" method works on WordPress.com blogs.
Basically, the blog I'm testing this on has 3 administrators. Regardless of which one of those administrators' credentials I use, whenever we call the ""wp.getUsers"" method we ONLY get details for the SAME user back. So, if we have 3 admins ('admin1', 'admin2', 'admin2'), whenever 'admin1' queries for all users, they only get back 'admin1'.
I also tried adding a different type of user, specifically an author, and then used any of the above-mentioned administrator credentials to try and retrieve info on that author, but nothing is returned.
It should be noted that all the above functionality works as it should on self-hosted blog, just NOT on WordPress.com blogs.
" dinomic
Tickets Awaiting Review 26318 XMLRPC wp.uploadFile fails to place media in sub blogs XML-RPC 3.7.1 normal normal Awaiting Review defect (bug) new 2013-11-29T12:02:39Z 2015-12-03T18:47:32Z "Using an XMLRPC call to mw_newMediaObject, uploaded files do not land in the media library of the target blog, for example blog_id 2. The uploaded files always land in the wp-content/uploads/yyyy/mm folder. And they also appear in the media library for that blog too, via the UI.
If you trace the blog_ID to class-wp-xmlrpc-server.php you can see the method is receiving the correct value (eg. 2) at that point.
This affects (at least) a subdomain-type of installation. The htaccess is standard from the WP codex.
Occurs when blog_ID is passed to the rpc thus:
{{{
require_once 'IXR_Library.php';
$client = new IXR_Client('http://my-site.com/xmlrpc.php');
$params = array('name' => 'imgfile.png',
'type' => 'image/png',
'bits' => new IXR_Base64($bits),
'overwrite' => false);
$client->query('wp.uploadFile',2, 'admin', 'password', $params);
}}}
The xmlrpc returns a packet containing this data:
{{{
array (
'id' => '30',
'file' => 'test2_889047515_2.png',
'url' => 'http://my-site.com/wp-content/uploads/2013/11/imgfile.png',
'type' => 'image/png',
)
}}}
" daki-san
Tickets Awaiting Review 17382 XMLRPC wp_getUsersBlogs Scalability XML-RPC 3.0 normal normal Awaiting Review defect (bug) new 2011-05-11T20:32:15Z 2015-09-02T03:43:46Z "If there is a root blog with many sub blogs on it and a user that is an admin on each sub blog, then when the when the XML RPC method wp_getUsersBlogs() is called it does not scale very well. My PHP memory_limit setting was 128MB, and the XML RPC request died when a user was a member of 230+ blogs. I noticed that the number of queries made to the database for a single user that has many blogs that they are an admin is very high.
Affected line: http://core.trac.wordpress.org/browser/tags/3.0.1/xmlrpc.php#L443
I don't know exactly how the code would have to change so I am not providing a patch." bmorneau
Tickets Awaiting Review 38909 `wp.uploadFile` ignores `overwrite` parameter XML-RPC 4.6.1 normal normal Awaiting Review defect (bug) new 2016-11-23T01:59:18Z 2016-11-23T01:59:18Z "The `overwrite` parameter of the XMLRPC method `wp.uploadFile` seems to be ignored, files are never overwritten in Wordpress 4.6.1. If the file already exists, a `-` plus a number starting with `1` is appended when uploaded again.
This has already been an issue some time ago (#17604), then got fixed but was reintroduced in Wordpress 4.4 according to this support thread: https://wordpress.org/support/topic/xmlrpc-uploadfile-overwrite/
" bhabba
Tickets Awaiting Review 33389 posts contains png images via XMLRPC error response XML-RPC 4.2 normal normal Awaiting Review defect (bug) new 2015-08-17T08:41:39Z 2015-08-18T02:44:38Z "file:
wp-includes/class-wp-image-editor.php
line:
$result = call_user_func_array( $function, $arguments );
[[Image(http://ww3.sinaimg.cn/large/6dd29ac7jw1ev5p7avr0wj20ne0g9adk.jpg)]]
[[Image(http://ww1.sinaimg.cn/large/6dd29ac7jw1ev5p91135lj20m30d0wh7.jpg)]]
string(8) ""imagepng""
array(2) {
[0]=>
resource(167) of type (gd)
[1]=>
NULL
}
php function imagepng:
filename
The path to save the file to. If not set or NULL, the raw image stream will be outputted directly.
[[Image(http://ww3.sinaimg.cn/large/6dd29ac7jw1ev5p500okij20aa06wwf9.jpg)]]" zhizuzhefu
Tickets Awaiting Review 32863 set_custom_fields function in wp_xmlrpc_server class XML-RPC 4.2.2 normal trivial Awaiting Review defect (bug) new 2015-07-02T10:04:32Z 2015-07-02T15:55:00Z "Hi,
I was working with wp_xmlrpc_server class to insert and update woocommerce products but i found that my custom fields are not working properly. When i inspected the code of function set_custom_fields , i noticed that we are using wp_unslash to remove underscores from custom field keys. So keys like _price , _quantity and _stock were not working for the product custom post type. Secondly we are using add_post_meta to insert the meta data. Can we change it to the update_post_meta ?
I have attached the updated function.Please test it and let me know.
{{{
public function set_custom_fields($post_id, $fields) {
$post_id = (int) $post_id;
foreach ( (array) $fields as $meta ) {
if ( isset($meta['id']) ) {
$meta['id'] = (int) $meta['id'];
$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
if ( isset($meta['key']) ) {
$meta['key'] = ( $meta['key'] );
if ( $meta['key'] !== $pmeta->meta_key )
continue;
$meta['value'] = ( $meta['value'] );
if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
delete_metadata_by_mid( 'post', $meta['id'] );
}
} else{
update_post_meta( $post_id, $meta['key'], $meta['value'] );
}
}
}
}}}
Regards,
Arif
Skype: arifamir33
" marifamir
Tickets Awaiting Review 23020 wp.getPageList should act like wp.getPages XML-RPC 2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2012-12-20T13:47:13Z 2015-09-02T01:24:26Z "I know that wp.getPageList is obsolete, but I think it should act like wp.getPages At the moment wp.getPageList returns even the trashed pages and doesn't return the status of the page.
The weird behavior i've seen with wp.getPageList on a third-party client is shown below:
- Refresh the pages list.
- The Page 'A' is in the list.
- Select the page 'A' and delete it.
- Refresh the pages list and the page is still there. Doh!" daniloercoli
Tickets Awaiting Review 20070 Deprecate Blogger XML-RPC Methods XML-RPC 3.3 normal normal Awaiting Review enhancement new dev-feedback 2012-02-18T18:32:26Z 2015-09-02T00:18:29Z "The XML-RPC API supports the legacy Blogger API methods, but these methods have apparently not been very well tested or maintained.
Given that the `wp.*` XML-RPC namespace now covers everything that the Blogger API does, I suggest the blogger methods be officially deprecated with an eye towards removing them in a future version.
At the very least, the MetaWeblog API should be used by clients instead, as it was explicitly designed to enhance and supersede the Blogger API." maxcutler
Tickets Awaiting Review 36030 Expose site icon on wp.getUsersBlogs XML-RPC normal normal Awaiting Review enhancement new has-patch 2016-03-01T09:06:46Z 2016-03-01T09:08:53Z "WordPress 4.3 has added the ability for site owners to manage their site’s favicon, but never exposed it over the XML-RPC protocol.
It's useful for XML-RPC clients to receive it back in the response of wp.getUsersBlogs, so they can show the proper icon beside the name of the site.
In the patch I've provided an empty value is returned if site_icon is not set on the blog. I've avoided returning a default value, since it's better to leave this responsibility to clients. If siteIcon is empty, the client should show their default icon, or nothing." daniloercoli
Tickets Awaiting Review 37206 Unit test functions for functions.php's xmlrpc_removepostdata function XML-RPC 4.6 normal normal Awaiting Review enhancement new 2016-06-28T00:56:34Z 2016-06-28T00:56:34Z Wrote some unit tests that covers functions.php's xmlrpc_removepostdata function. tloureiro
Tickets Awaiting Review 37096 Unit tests for xmlrpc_getposttitle() and xmlrpc_getpostcategory() along with patch to trim and unique returned values XML-RPC 0.71 normal normal Awaiting Review enhancement new has-patch 2016-06-14T00:24:25Z 2016-06-27T23:56:08Z In tonight's Contrib 2 core we created this unit test for xmlrpc_getposttitle() function pbearne
Tickets Awaiting Review 23866 WordPress xmlrpc wp_getPosts filter for slug XML-RPC 3.4 normal normal Awaiting Review enhancement new dev-feedback 2013-03-26T20:09:31Z 2015-09-02T17:00:05Z "When using the Wordpress xmlrpc, it is sometimes very useful to get posts based off of slugs rather than post id.
A use case for this would be synchronizing or migrating two Wordpress sites with the same posts, but with different databases and post ID's.
" SunWaves
Tickets Awaiting Review 35269 Check data type of wp_xmlrpc_server_class filter before instantiate wp_xmlrpc_server_class XML-RPC 4.4 normal normal Awaiting Review feature request new dev-feedback 2015-12-30T21:32:23Z 2016-10-23T19:41:09Z "There is a filter 'wp_xmlrpc_server_class' in ./xmlrpc.php for a plugin to entirely replace the standard XML-RPC server implementation.
For some case we want to entirely disable XML-RPC server. So we pass a FALSE value through the wp_xmlrpc_server_class filter. And it causes a Fatal error in xmlrpc.php
To prevent this error we pass a fake class name that contains a blank method serve_request.
But it would better if there is a validity check of the return value of wp_xmlrpc_server_class filter.
If the return value is not a valid class_name then $wp_xmlrpc_server_class will not be instantiated and process will be exit there.
I have a patch for this.
" onetarek
Candidates for Closure 40445 Large file upload through XML-RPC fails with error 500 XML-RPC 4.7.3 normal normal Awaiting Review defect (bug) new close 2017-04-14T11:38:15Z 2017-05-03T06:30:31Z "It fails through XML-RPC but succeeds through the web UI.
File size is about 40MB and PHP upload limits are correct and higher than that.
XML-RPC upload fails either through HTTP and HTTPS, either through IPv4 or IPv6.
Using netstat in another terminal, I can see large amounts of bytes being transferred for a while.
But it suddenly fails with error 500:
{{{
xmlrpc.client.ProtocolError:
}}}
On the server side there is absolutely nothing on Apache error log, not a single char being logged, and just this on access log:
{{{
2804:14c:183:83ce:631c:9fb1:3797:93a7 - - [14/Apr/2017:03:43:15 -0700] ""POST /xmlrpc.php HTTP/1.1"" 500 3375 ""-"" ""Python-xmlrpc/3.5""
}}}
Log says 3375 bytes but netstat shows a higher number of bytes being transferred for several minutes.
XML-RPC upload of smaller files works — successfully tested with 12MB.
I would investigate this as a typical network error but doesn't look like, since upload never fails when making this same transfer through the web UI, from same Linux client machine. I would also discard lack of RAM and lack of storage on the server because same file upload through web UI works.
The server apparently receives the whole blob (it stays connected for several minutes) but apparently fails in some internal file operation after it finishes receiving it all.
This wordpress site will be a podcast server and I'm automating publication and media uploading with a script that uses https://python-wordpress-xmlrpc.readthedocs.io/en/latest/
Thank you in advance" avibrazil
Candidates for Closure 33425 XML-RPC missing options on wp.getOptions XML-RPC 4.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2015-08-19T08:35:27Z 2017-04-14T13:41:05Z "Why the list of options available here
https://github.com/WordPress/WordPress/blob/ce557062f4123d8513378cf415b4e8b612c33ccc/wp-includes/class-wp-xmlrpc-server.php#L383
doesn’t match this https://codex.wordpress.org/Option_Reference
For example default_category or blog_public fields are not available on XML-RPC." SergioEstevao
Candidates for Closure 30410 html entity problems with xmlrpc python. XML-RPC 4.0 normal normal Awaiting Review defect (bug) new close 2014-11-19T21:53:13Z 2017-01-15T07:55:24Z If I try to send HTML through post.content via python WordPress xmlrpc it renders '&' html entity characters- breaking my HTML entirely. Having my post.content html escaped is undesirable as I need to submit embedded videos. What could cause this and how do I fix it? icetek
Tickets Needing Feedback 35993 Unit tests: XML-RPC Request routines XML-RPC normal normal Future Release enhancement new dev-feedback 2016-02-29T01:07:36Z 2016-03-10T14:21:45Z "I wrote unit tests for the 3 methods regards to XML-RPC request in functions.php, the aim is improve de code coverage, theses methods are:
* xmlrpc_getposttitle()
* xmlrpc_getpostcategory()
* xmlrpc_removepostdata()
This patch cover 100% of coverage related to theses methods above.
Only one thing to consider, I didn't found any XML-RPC format on the Wordpress doc with title and category, so I've created a simple XML format with both, following the methods the behaviour is the same." borgesbruno
Tickets with Patches 17541 Blogger-XMLPRC API does not work with Multisite/SSL/DMZ combination westi* XML-RPC 3.2 normal major Future Release defect (bug) accepted has-patch 2011-05-23T07:26:29Z 2016-10-07T16:26:40Z "I have the following setup:
My WordPress Blogs (multisite) are set up behind a firewall that exposes the public address via SSL. Inside my DMZ I'm only using HTTP, so that's what WordPress sees. When I now try to access the blogger.getUsersBlogs XMLPRC-API, I get an empty result back.
I analyzed the WordPress source code and found out that the blogger.getUsersBlogs method in the file wp-includes\class-wp-xmlrpc-server.php uses another XMLRPC call to the wp.getUsersBlogs method in case of the multisite. I further checked and found out that this appears to be the only case in which WordPress executes a remote call itself to sevice the request. I then replaced the logic in _multisite_getUsersBlogs with the multisite part from wp_getUsersBlogs and it worked.
I aso found an issue that might be related: http://core.trac.wordpress.org/ticket/16402
But since the source code in the trunk still uses the regular IXR_Client, I'm not sure if this would fix the issue.
I attached my fix as a patch, but it's not refactored to remove code duplication since I don't have a dev-environment set up for WordPress.
Michael" michael_k
Tickets with Patches 16980 Empty Values are ignored by class-ixr.php wonderboymusic XML-RPC 3.1 normal normal Future Release defect (bug) reopened has-patch 2011-03-27T12:34:47Z 2015-12-31T04:06:17Z "I tried to fix the following bug #10599
Found out when you send and empty value via xmlrpc it converts it to null value.
Say you send and array of arguments for mw_editpost, set
{{{
$content_struct[mt_keywords] = '';
}}}
IXR client passes a null value instead of an empty value.
In mw_post method consider this statement
{{{
$tags_input = isset( $content_struct[mt_keywords] ) ? $content_struct[mt_keywords] : null;
}}}
Even if you send an empty value this statement fails because
{{{
$content_struct[mt_keywords]
}}}
is set to null by IXR client." nprasath002
Tickets with Patches 38730 XML-RPC: Edit post type templates XML-RPC 4.7 normal normal Future Release defect (bug) new has-patch 2016-11-09T09:20:49Z 2016-11-16T23:25:05Z "#18375 made page templates available for all post types. #38698 reflected this in the REST API. Now, we need to do the same in the XML-RPC API.
We should be able to edit the templates for any post type.
There's also the `wp.getPageTemplates` method, but I'm not sure yet how adding post type support would look like there." swissspidy
Tickets with Patches 39699 Filter to check XML-RPC data before any DB insertion XML-RPC 4.8 normal normal Future Release enhancement new has-patch 2017-01-26T11:03:08Z 2017-10-03T03:39:32Z "After searching into XML-RPC server class code, I realized that it seems that there isn't way to check XML-RPC input data before starting to insert/update any rows to database nor to return an `IXR` custom error message.
For example for new post, in order to check custom fields, a possible workaround is to use `wp_insert_post_empty_content` filter, but we are unable to customize the error message. Moreover at this point some DB rows are inserted, so inside the filter above we have to call `wp_delete_post` manually in order to clean DB (taking care to check `auto-draft` post status).
In the case of editing post, things get a bit more complicated, so we could use transactions with the help of `xmlrpc_call`/`wp_insert_post` actions.
So, the patch aims to add a new filter named `xmlrpc_before_insert_post` that allows to do this check in a more robust manner (for `wp.newPost` and `wp.editPost` XML-RCP methods).
Typical usage:
{{{#!php

Custom HTML

Custom HTML Content

}}}
Text Widget - The widget-wrap div has only that class.
{{{

Text Widget

Text Widget Content

}}}
As a result, any theme that has styled widget_text may have unintended styling issues.
" dreamwhisper
Slated for Next Release 42351 Customizer: Text widget loses Visual tab data when moved from one widget area to another Widgets 4.8 normal normal 5.0 defect (bug) new 2017-10-27T01:07:42Z 2017-11-23T18:17:18Z "I moved my text widget to a different widget area, and now the content in the visual tab is empty, and I can’t click into the text area. If I switch to text, I see the content. Throughout this, I can also still see my content in the preview pane.
If I save, my content remains. Then, if I close and reopen the Customizer, it shows back up. There are no related console errors.
This only appears when I move the Text widget from one widget area to another. If I move it around within the same widget area, it's fine.
@westonruter says:
> The problem is when the control gets moved in the DOM the editor iframe needs to be re-initialized. I think we are accounting for a widget being reordered in a sidebar but not when moved between sidebars.
See attached screenshot and https://wordpress.slack.com/archives/C0381N237/p1509058118000165." melchoyce
Slated for Next Release 43448 Document $wp_registered_sidebars global in wp_map_sidebars_widgets() Widgets normal normal 5.0 defect (bug) new has-patch 2018-03-01T06:48:48Z 2018-03-07T16:27:15Z global $wp_registered_sidebars is used but it is not mentioned in the documentation of the wp_map_sidebars_widgets() function. mukesh27
Slated for Next Release 42461 Drop sanitize_text_field() for widget titles in forms Widgets normal normal 5.0 defect (bug) new has-patch 2017-11-07T18:41:44Z 2017-12-04T03:02:46Z "In several widgets, the `sanitize_text_field()` function is used to sanitize the widget title before it is output in the widget `form()` method (note: not the `update()` method). This is prior to the widget title being escaped via `esc_attr()` in the text input field.
The handling of this is inconsistent between widgets (some do this, some don't).
I originally posted about this in #33235 when `strip_tags()` was being used. I was working on a plugin to allow a limited subset of inline HTML within widget titles. Plugin for testing: https://github.com/justintadlock/widget-title-html
I erroneously thought the issue was corrected, but it wasn't. It looks like I didn't thoroughly test things.
While I'd like for my plugin to actually work across the board at some point and don't think `sanitize_text_field()` is necessary in the form, at the very least, this should be handled consistently in the core widgets.
The following widgets seem to use both `sanitize_text_field()` + `esc_attr()`:
* Archives
* Calendar
* Categories
* Meta
All other widgets do not." greenshady
Slated for Next Release 43139 Gallery widget preview incorrectly updated after one image gets deleted Widgets 4.9 normal normal 5.0 defect (bug) new has-patch 2018-01-21T15:54:19Z 2018-02-23T21:54:55Z "To reproduce:
- go in the widgets screen
- create a gallery widget with 7 images and save
- the preview displays 6 images, the last image has an overlay with text ""+2""
[[Image(https://cldup.com/mbKHvWdzjI.jpg)]]
- go in the media library
- delete one of the images used for the gallery
- go back in the widgets screen and open the gallery widget to see the preview
- the preview displays 5 images, the last image has an overlay with text ""+2""
[[Image(https://cldup.com/8e2LlQpa5f.jpg)]]
Since there's room available for the 6th image, the image should be displayed and the overlay with text ""+2"" shouldn't be there. Same happens in the Customizer.
Note: Clicking ""Edit Gallery"" to make the media modal open and then clicking ""Update gallery"" rebuilds the preview ""fixing"" the issue." afercia
Slated for Next Release 43137 Media widgets: Improve the image and gallery previews accessibility Widgets 4.9 normal normal 5.0 defect (bug) new has-patch 2018-01-21T14:30:48Z 2018-01-22T16:36:42Z "Context: in the front-end, the image alt attribute must describe the purpose of the image or must be empty if the image is not a key part of the content and is purely decorative.
Instead, in the admin screens we're in an editing context. As a user, while authoring content, I need to know what the image is, regardless if the image has or has not an alternative text.
The image widget preview already does something to always provide some info about the image. When the image has no alternative text, it uses an `aria-describedby` attribute pointing to a hidden element that contains some info about the image file name:
[[Image(https://cldup.com/uoRHlQWnmn.jpg)]]
Pretty smart. Without this the image wouldn't provide any useful information to assistive technologies and users wouldn't have any clue what the image is about. It can be improved a bit, as the proper way to give an accessible name to an image is using an `aria-label` or `aria-labelledby` attribute, not an `aria-describedby` attribute.
Instead, the preview of the new gallery widget introduced in WordPress 4.9 always prints out an empty alt attribute `alt=""""` for all the images. Worth reminding images with an empty alt attribute are completely ignored by assistive technologies. When navigating through the preview, the only information provided is the textual content for the ""more images"" text (it appears only when the gallery contains more than 6 images). Also, each image is within a `

` element, that doesn't give any useful information to users:
[[Image(https://cldup.com/m07kUdxgho.jpg)]]
[[Image(https://cldup.com/PYrQBKhoAB.jpg)]]
[[Image(https://cldup.com/wKboHchwkB.jpg)]]
I'd like to propose to use the same pattern used for the Image preview, and provide some extra info for each image in the gallery. Also, as a user I'd like to know how many images are displayed in the preview: using an unordered list with each image in a `

` element would make assistive technologies announce that automatically.
" afercia
Slated for Next Release 40677 Widgets page is not accessible for keyboard users afercia Widgets normal normal 5.0 defect (bug) assigned has-patch 2017-05-05T15:18:41Z 2018-05-11T17:34:41Z "Hi,
I noticed that widgets page is not accessible for users that navigate with keyboard.
A good point is that drag and drop is not the only solution to add a widget into an area but this page needs some enhancements to be accessible for keyboard users (blind people, people with motor disability, and even people with no handicap).
This is my list:
* Available widgets can't be focused.
Solution : If we add a ""tabindex=""0"""" attribute on "".widget.ui-draggable"" elements, we can focus them and open it just like a click. And we need to add a focus style to see focus on elements.
* A keyboard user can't select the area where he wants to add the widget because a TAB or arrow navigation automatically select the following choice. So he can just add widgets in the last area.
Solution : deactivate TAB navigation on elements and just allow arrow navigation. This would be equivalent to radio buttons navigation. TAB would be just to go to ""Cancel"" or ""Add widget"" button. Also add a screen reader text to tell which choice is selected (blind people can't see the checked icon).
* This page is divided into 3 parts : ""Available widgets"", ""Inactive widgets"" and all widgets areas. The ""all widgets areas"" has not title to quickly navigate into it.
Solution : add a ""h2"" title on the third zone (""Widgets areas"" for example) and replace ""h2"" title of widgets areas by ""h3"" (logical, right?)
* Widgets in areas can't be deactivated with keyboard because we need to drag them back.
Solution : Add a link ""Deactivate"" next to the ""Delete"" one.
* Widgets areas can't be opened with keyboard because arrows are ""div""s and not buttons.
Solution : be inspired by the left column of the page to add menus (there is tabindex and screen reader text to explain)
* Widgets in areas also have an arrow to hide / show. The arrow is a link and that's a good point but there no text in it.
Solution : add a screen reader text to explain what that link does (blind people can't see the arrow)
Thank you for your help" juliemoynat
Slated for Next Release 42549 Widgets: Allow gallery widget to display images from currently-queried singular post if no images selected Widgets 4.9 normal normal 5.0 enhancement new dev-feedback 2017-11-14T18:22:48Z 2017-11-22T18:17:04Z In #42548 (pending) a `[gallery]` placed inside of a Text widget will result in the attachments for a given post to be used in the gallery when the widget appears on a singular template. The same behavior could be allowed for the Gallery widget as well. If you add a gallery widget to a sidebar but don't add any images to it, the widget could conditionally show if it is being rendered on a singular template for a post that has image attachments. westonruter
Tickets Awaiting Review 28747 $.wpColorPicker cannot duplicate elements Widgets 3.9.1 normal normal Awaiting Review defect (bug) new 2014-07-04T09:26:00Z 2015-12-03T19:07:34Z "I can't `clone()` wrap `div` when I use with `wpColorPicker`. If I just running the `$.wpColorPicker` method again, I see two instance about this.
What I can to do for duplicate?" KingYes
Tickets Awaiting Review 42001 Active Widget Not Fully Visible ashokrd2013 Widgets normal normal Awaiting Review defect (bug) assigned has-patch 2017-09-27T04:23:55Z 2018-02-08T16:26:55Z "Patch to add ""active"" class to selected widget and have it fully visible. When you click a toggled/open widget, the widget should be on the front of the other widgets.
[[Image(http://sheferstudio.com/wp-content/uploads/2017/09/wp-issue-active-widget.png)]]" fervillz
Tickets Awaiting Review 21396 Categories widget reports categories without posts when they have custom posts Widgets 3.4 normal normal Awaiting Review defect (bug) new 2012-07-27T02:36:46Z 2015-09-02T03:54:37Z "This problem may be related to #14084, but this report is specific to the behaviour of the Categories Widget.
- Create a custom post type eg. ""Products""
- Create a category eg. ""Photographs""
- Add some posts of type Products, assign them to category Photographs
- go to the blog page and the Categories widget lists Photographs as a category
- click on Photographs
- the ""Nothing Found"" post is shown.
There are no normal posts of category Photographs, but the widget lists a category that returns nothing. I would have expected the widget not to list a category that has no normal posts.
" pkwooster
Tickets Awaiting Review 43121 Custom HTML Widget Warning Tooltips Error Widgets 4.9.2 normal normal Awaiting Review defect (bug) new 2018-01-17T22:16:24Z 2018-01-19T14:26:14Z "I am using Custom HTML widgets in the current version of WordPress, and I have noticed an error in the display of warning tooltips within the current version of Firefox.
When I mouseover a warning icon in the Custom HTML widget, the resulting tooltip displays beneath the editor pane, making the warning text unreadable.
'''Warning Tooltip in Firefox:'''
[[Image(https://img.nettech.net/Temp/CustomHTMLWidget_WarningTooltip_Firefox.jpg)]]
The same warning tooltip appears correctly in the latest versions of Chrome and Edge.
'''Warning Tooltip in Chrome'''
[[Image(https://img.nettech.net/Temp/CustomHTMLWidget_WarningTooltip_Chrome_Edge.jpg)]]
I have not tested across themes, so for reference I am currently working within Front Page sidebars in a Genesis child theme. I have tested the same widget across Firefox, Chrome, and Edge, and only Firefox exhibits the described behavior." JosefNT
Tickets Awaiting Review 43657 Custom HTML widget editor content not updating after save Widgets trunk normal normal Awaiting Review defect (bug) new has-patch 2018-03-28T17:22:21Z 2018-03-28T17:27:27Z When updating the Custom HTML widget content on save the `updateFields()` function checks if `0 !== control.currentErrorAnnotations`. This fails as `control.currentErrorAnnotations` is an array. barryceelen
Tickets Awaiting Review 41500 Custom TinyMCE style formats not working for Text Widget azaozz Widgets 4.8 normal normal Awaiting Review defect (bug) assigned 2017-07-31T21:47:19Z 2017-09-05T20:25:14Z "This is a follow-up to #35243.
I'm not sure what the source of the error is, but custom TinyMCE style formats do not work with the new Text Widget.
The `mce_buttons`, `mce_buttons_2`, etc. filters all happen before the `tiny_mce_before_init` filter, however, buttons are added differently for the new Text Widget. I'm not sure how, bu the only documentation provided to interact with the Text Widget I could find is here, and it is done through JS rather than WP filters.
https://make.wordpress.org/core/2017/05/23/addition-of-tinymce-to-the-text-widget/
I'm a little bit familiar with extending TinyMCE. Since `styleselect` is a baked-in button for accessing style formats, you can change the code to add it in, like this:
{{{#!js
jQuery( document ).on( 'tinymce-editor-setup', function( event, editor ) {
editor.settings.toolbar1 += ',styleselect';
});
}}}
However, as the ticket title mentions, custom style formats added in with the `mce_button` filters do not seem to affect Text Widget's visual editor's `styleselect` choices. Only the defaults show.
Also, doing it this way adds the buttons to ALL TinyMCE instances. I can probably just check for a class in the DOM, but it feels really inappropriate to add a button this way when there are already pre-existing filters for modifying the buttons. The fact that this editor instance affects both Text Widget and the main Visual Editor for posts is confusing. It implies they're the same instance, but you can't modify them in the same way.
I've looked forever and tried to figure out how the Text Widget editor is instantiated with the stripped down toolbar. If anyone wants to point me in the right direction, I'd love to tackle this bug (assuming this isn't intentional).
If you'd like to test out this problem for yourself, you can use this test code below. You will see ""Formats"" being added to the Text Widget via JS, but it affects all instances. The `mce_buttons` will only add it for the posts' TinyMCE instance. Style formats are presented differently depending on which editor you're using. The custom ones don't get added to the Text Widget.
{{{#!php
'Swag',
'inline' => 'span',
'classes' => 'swag',
'wrapper' => true,
),
);
$formats['style_formats'] = json_encode( $style_formats );
return $formats;
}
add_filter( 'tiny_mce_before_init', 'my_tinymce_formats' );
function my_mce_buttons( $buttons ) {
array_unshift( $buttons, 'styleselect' );
return $buttons;
}
add_filter( 'mce_buttons', 'my_mce_buttons' );
// for demonstration purposes, not how I'd actually implement! :P
function my_text_widget_buttons() {
ob_start();
?>
Slim Jetpack.
2. Add one of the Slim Jetpack widgets to the ""Primary Sidebar"" for example ""Gravatar Profile (Jetpack)"".
3. De-active Slim Jetpack.
4. Activate ""Twenty Thirteen"" theme.
5. Activate ""Twenty Fourteen"" theme.
6. Activate ""Slim Jetpack"". Unfortunately, the custom widget is lost.
If you had normally de-activated and re-activated Slim Jetpacks, the Primary Sidebar would be fine. If you had done 4 and 5 without 3, everything would be good.
But doing the steps as above, the widget is no longer in the sidebar - not even under Inactive Widgets.
" asadkn
Tickets Awaiting Review 42743 Disable wp_options autoload for inactive widgets Widgets trunk normal normal Awaiting Review defect (bug) new 2017-11-29T04:25:59Z 2017-11-29T04:55:07Z "Options/settings for all widgets are saved in wp_options with autoload=yes, but autoload is enabled for the wp_options even for deactivated widgets.
On sites with many widgets installed (but not even activated), the size of data transferred from the DB to the PHP host on each and every page request can add significant overhead and introduce noticeable slowdowns.
I can't see a reason why autoload can't be disabled on deactivation of a widget, preloaded on navigation to the widget settings page, and then re-enabled when said widget is activated." ComputerGuru
Tickets Awaiting Review 29261 Enqueue script in Widget Widgets 3.9.1 normal normal Awaiting Review defect (bug) new has-patch 2014-08-19T07:46:11Z 2015-12-03T07:17:34Z I am trying to use wp_enqueue_script inside function widget of the Widget class. But it seems like when I print html it doesn't use the javascript functions which I enqueue before. This enqueue script works well if I use for shortcode inside shortcode and later print html. Is this a bug or there is any workaround for using enqueue inside widget function that will properly handle my html also? zishanj
Tickets Awaiting Review 43198 Error saving widgets with html code - ModSecurity active - in some host services Widgets 4.9.2 normal normal Awaiting Review defect (bug) new 2018-02-01T14:10:20Z 2018-02-01T14:10:20Z "Hello.
Problem: When I go into the administration panel at Apearance - Widgets, and want to add a text box to a sidebar, the box saves just plain text, not accepting it with html content. When the save button is pressed, nothing happens, the process having no end.
Answer from my host service:
""I'm asking you to modify your site with the ModSecurity module deactivated.
You can disable this module from the cPanel interface, the section called ""ModSecurity""
Recently, WordPress changed their platform without considering that the new site editing methods are not safe and easy to explode, resulting in many situations where it violates multiple ModSecurity rules.""
Maybe a similar problem is related here:
https://hameedullah.com/whitelisting-wordpress-admin-wp-admin-in-mod_security-to-avoid-404-on-post-save-or-post-preview.html" attosoftonline
Tickets Awaiting Review 40793 Events widget on back button loses location Widgets normal normal Awaiting Review defect (bug) new 2017-05-17T21:21:01Z 2017-05-17T21:22:38Z "I noticed that if you save a location, visit a meetup, then click back button in browser, you will lose your location. It returns on refreshing your browser.
Here is video:
[[Image(https://cldup.com/pyYG5Z4gtz.gif, 50%)]]
" karmatosed
Tickets Awaiting Review 43171 Image Title Not Carrying through on Insert Widgets 4.8 normal normal Awaiting Review defect (bug) new 2018-01-28T16:35:54Z 2018-01-29T18:34:31Z "If I go into a post, page, or widget and insert and image the image title does not come through on that original insert. This happens with either a new uploaded image or one from the gallery. I can set the alt-text, caption, title, and such, but when it is inserted the title is the only field not to come through. It is blank. I can then go in and edit the image and fix the title and it takes. If I am editing an image in the image widget, the same thing happens. And if it is an existing image widget that I am just changing the image in, it will actually leave the title from the previous image - not blank it out or use the newly specified title. I have verified this with new images, edited images, uploaded images, images from the media library, different image formats, etc... And verified on multiple sites, on different hosts, with any and or all plug-ins deactivated or activated. Oh, and different themes. Everything from complex magazine theme to standard WP TwentyTen theme and stuff in between. Can give access to sites where this happens. Actually, I have found no sites where it actually works correctly.
" carnellm
Tickets Awaiting Review 37893 Implementation of is_registered_sidebar() doesn't match its documented signature welcher Widgets 4.4 normal normal Awaiting Review defect (bug) assigned 2016-08-31T11:26:35Z 2017-05-23T11:29:37Z "Function `is_registered_sidebar()` was added in release 4.4 but the documentation for its function signature was changed after the initial commit and now no longer matches the implementation (see #24878).
The implementation of the function requires the string kind of sidebar ""id"" and will not accept a numeric ""id"" which would first need converting to a string of the form ""sidebar-$id"".
The simplest fix would be to just change the documentation, but if this function is considered useful for themes/plugins (as I suspect it is), additional code would be needed to convert a numeric parameter appropriately (see the beginning of existing function `is_active_sidebar()` for example).
If this code change is applied, then for consistency a similar change should probably be made to function `unregister_sidebar()` which also only accepts a string sidebar ""id"" and confusingly refers to it as the ""name"" (this more properly refers to the displayable name/title for the sidebar).
Suggested patch incoming, although in the patch I didn't rename the parameter to `unregister_sidebar()` as I'm not sure whether there are any backwards-compability issue with that." mdgl
Tickets Awaiting Review 43211 Large number of widgets freezes the browser and makes widget admin unusable Widgets 4.8.3 normal normal Awaiting Review defect (bug) new 2018-02-02T01:06:37Z 2018-02-05T16:08:05Z "Having a large number of widgets can freeze the browser for minutes while loading, and crashes Firefox when viewing source. On a site with a little more than 500 widgets (mostly ''text'' widgets!) it can be completely unresponsive for some time loading wp-admin/widgets.php
Tested in Firefox and Chrome beta." programmin
Tickets Awaiting Review 27180 Remove Hidden Widget UI Widgets 3.8 normal normal Awaiting Review defect (bug) new 2014-02-21T22:09:25Z 2015-12-03T18:30:24Z "I have come up with a issue with the new widget enhancements.
The fact that we have to drag the widget a long way to move it to inactive status. On most screens this is below the visual area of the screen. Yet the only UI to collapse and expand the available widget area is hidden and you don't see it until your hover over text that doesn't appear or look like something you would hover over to see a user interaction. This makes it hard to us or even know it is their or available.
The other UI issue also have to do with the widget placement as well.
When you go to add a widget it asks you if which area do you want it added to. (For example: Main Widget Area or Secondary Widget Area) But when removing the widget the only options you have (without dragging them) is close and delete. There is no ""Move to Inactive""
Once a widget is in the Inactive Widgets area you can't add the widget via the button you once could in the new widget area. Can we have just one experience for both New and Inactive Widgets?
I also have a Screencast which you can see here: http://f.cl.ly/items/0a293y0P363W1p0V2A11/Widget-Screen-Recording.mov
" RDall
Tickets Awaiting Review 27307 Text Widget size spill over the side of Widget Container in random width. Widgets 3.8.1 normal normal Awaiting Review defect (bug) new dev-feedback 2014-03-06T22:41:03Z 2017-05-26T13:45:11Z "About 75 percent of the time when I add a text widget item to a widget area. The widget spills over the left side of the area. See Screenshot http://cl.ly/image/3Y363s242a3y
What is odd about this is that it only happens sometimes and it has randomly width that it spills over as well. See additional screenshot. http://cl.ly/image/3H3X371R0n3l
If you expand the browser window the widget size actually expands as well. But seems to keep what ever margin it had on the left constant. Have another screenshot here from my trunk build. http://cl.ly/image/3E203q083Z3V
I tried a search in Widgets for trac and couldn't find anything related. If this is proper UI for widgets it does seem a little random to me.
" RDall
Tickets Awaiting Review 16773 Unescaped preg_match breaks with PHP 5.3 Namespaced Widget Classes. Widgets 3.1 normal minor Awaiting Review defect (bug) new needs-unit-tests 2011-03-06T13:31:25Z 2017-01-15T06:02:01Z "In file '''/wp-admin/includes/widgets.php''' at line '''118''' in function '''next_widget_id_number''' we have:
{{{
preg_match( '/' . $id_base . '-([0-9]+)$/', $widget_id, $matches )
}}}
It generates very ugly warnings ''for Namespaced Widget Classes'' as it should cuorrectly be:
{{{
preg_match( '/' . preg_quote($id_base, '/') . '-([0-9]+)$/', $widget_id, $matches )
}}}
Thanks.
'''PS''': ''I think you should do a whole sanity check regarding use of Namespaces and Closures. I'm currently switching completely to PHP 5.3 style and I'll keep you updated if I find other... problems.''" 5ubliminal
Tickets Awaiting Review 41892 Widgets Disappear from Admin 4.8.1 Widgets 4.8.1 normal normal Awaiting Review defect (bug) new 2017-09-15T18:24:21Z 2017-09-15T20:59:28Z "I have seen similar reports of this bug - such as #41659 - I am hoping that this additional detail will get this bug higher in the list to fix.
I have a copy of a website in a test environment. If I add a widget to a sidebar that was on the website prior to upgrading to 4.8.1, such as ""Custom Menu"" or ""Recent Posts"" it appears to behave correctly. However, I have added three new plug-ins: ""jQuery Archive List Widget"", ""List Custom Taxonomy Widget"", and ""Collapsing Archives"" since the upgrade. I have done the below testing with each plug-in being the only active plug-in.
When I put one of the widgets in a sidebar and save, I can go to the page where the sidebar is and see the widget functionality (sometimes), but when I return to the widget admin area the widget is no longer listed in the sidebar. When you go back to the page the sidebar functionality is no longer showing. It just disappears!
It seems that when you add the widget back to the sidebar multiple times the plug-in functionality does not always show on the page with the sidebar. It just stops working.
I have confirmed this behavior with ALL plug-ins disabled, except for one of the new plug-ins I listed above, and theme Twenty Sixteen activated.
I am hoping that this issue can get resolved asap." judyvedder
Tickets Awaiting Review 31189 Widgets editing screen don't handle expired nonces gracefully Widgets normal normal Awaiting Review defect (bug) new 2015-01-31T02:12:19Z 2015-05-01T21:07:53Z "The Widgets screen doesn't handle an expired nonce gracefully, and can result in the user thinking something saved, when in actual fact it was silently discarded.
For example
- Adding/Removing Widgets appears to work, doesn't take effect
- Editing a Text Widget (or any titles of other widgets) and hitting save will result in a spinner, and then disappear the same way a successful save operates, even though the ajax calls returned `-1` to signify a nonce error / not logged in error
" dd32
Tickets Awaiting Review 23909 Widgets settings loaded and instances registered unnecessarily Widgets 3.5.1 normal normal Awaiting Review defect (bug) new 2013-03-30T16:02:05Z 2016-03-09T19:12:40Z "The settings for all registered multi-widgets get loaded with each request in `widgets_init`, and all widgets get registered even if they are never used (e.g. inactive ones). As the total number of inactive widgets tend to grow over time, the result is slower and slower page loads across all of a WordPress install.
Ideally only the widgets returned by `wp_get_sidebars_widget()` would only get loaded and registered, though this would have an impact on how the widgets in the Customizer work." alex-ye
Tickets Awaiting Review 41070 register_sidebar and dynamic_sidebar inconsistency Widgets 4.8 normal normal Awaiting Review defect (bug) new 2017-06-15T13:30:11Z 2017-06-23T07:15:20Z "Let's register a sidebar in functions.php and use digits for the value of the id key.
{{{#!php
'test123',
// or 'id' => '123',
// or 'id' => 123,
'name' => 'test - Mega Menu',
) );
}}}
After that, the Widget is showing up at ''Appearance > Widgets''. But when we'd like to retrieve this widget using the dynamic_sidebar function, it won't work:
{{{#!php
'

'`
`'after_sidebar' => '

'`
or
`'before_sidebar' => '

'`
`'after_sidebar' => '

'`
If this feature is considered then I'm not sure whether 'before_sidebar' or 'before_widget_area' is a better choice for the attribute name." dgwyer
Tickets Awaiting Review 34226 Add 'widget_display_callback' filter to the_widget() Widgets 4.3.1 normal normal Awaiting Review enhancement new needs-unit-tests 2015-10-08T22:11:32Z 2015-12-08T05:16:27Z "When a widget is output through a registered sidebar it passes through the 'widget_display_callback' filter (see 'display_callback' in 'wp-includes/widgets.php', allowing for short-circuiting. This is not the case when 'the_widget' is called, however. This patch simply adds the same feature to that function.
The reason I came across this is because I am using the [https://wordpress.org/plugins/display-widgets/ Display Widgets] plugin to hide widgets under certain circumstances. It hooks into 'widget_display_callback', runs some logic, and returns false if it should not appear. Using 'the_widget' in a template file, I noticed that the widget still appeared.
It seems logical to me that any time a widget is displayed, it should go through this filter." MarcGuay
Tickets Awaiting Review 23008 Add a Hook To Hide Inactive Widgets Widgets 3.5 normal normal Awaiting Review enhancement new dev-feedback 2012-12-19T19:59:12Z 2015-05-12T08:24:39Z "Hello,
This is my first feature request so hopefully I'm going through the process correctly. Onto the request...
Adding a hook to remove or hide the Inactive Widgets sidebar on the WordPress Admin Widgets page would be very useful for developers who don't use the area and want to be able to hide it for better UX.
If this is approved I would love to submit a patch. :)" BFTrick
Tickets Awaiting Review 41138 Add classes to Widgets in widgets.php and customize.php pages Widgets normal normal Awaiting Review enhancement new 2017-06-23T16:37:07Z 2018-03-22T19:38:50Z "Add widget base id class to widgets so developers could add custom CSS styles to their custom widgets.
Currently the widgets have only ""widget"" class and ""ui-draggable"".
What do you think? I think it's a great idea to highlight custom widgets with different colors, so users can easily find new installed widgets from plugins. (Maybe some one with have other purposes)" alexvorn2
Tickets Awaiting Review 40203 Add post thumbnail to Recent post widgets Widgets 2.8 normal normal Awaiting Review enhancement new 2017-03-19T12:28:51Z 2017-11-21T20:29:21Z "I've seen a lot of people including their own widgets that extend the current capability of the Recent posts widget.
While we don't need to add huge amount of options to it, I find it odd that there is no show post thumbnail option in the widget. The date exists, and the image would be a good addition to it." dingo_bastard
Tickets Awaiting Review 32987 Adding filters to allow alternate sidebar storage for registered sidebars Widgets 4.3 normal normal Awaiting Review enhancement new dev-feedback 2015-07-14T04:21:02Z 2015-09-17T02:07:53Z "Currently sidebars are stored in the `sidebars_widgets` option in the database which for site with many sidebars can be very inefficient.
I would like to propose a means of being able to change how the information is stored.
I have introduced two filters that allow a user to have access to the information being saved or requested. This is backwards compatible but gives the option of using, for example ,a post type to store the data." welcher
Tickets Awaiting Review 20596 Adding more actions to a widget Widgets normal normal Awaiting Review enhancement new dev-feedback 2012-05-02T00:14:28Z 2015-05-12T08:25:11Z "On the Widget UI, there is a ""Close"" button, aside with the ""Delete"" button, and I that developers should have a way to add more of those.
For exemple, I would see as a good use case when you have a way of previewing the widget.
Because right now the only way is by JS which is kinda of lame.
Thanks," webord
Tickets Awaiting Review 36532 Allow Reordering of Available Widgets Widgets normal normal Awaiting Review enhancement new 2016-04-14T21:12:22Z 2016-04-18T15:57:07Z "It's common to see sites with 20 or even 30 widgets, even when the site user only needs a few of them:
- Example 1: Core still ships with Tag Cloud and Meta widgets that I'd guess are barely ever used.
- Example 2: It's always a bummer that the Text widget starts with ""T""...
- Example 3: Jetpack adds a bunch of widgets, but I often only need one.
Yesterday, I observed a client trying to drag-and-drop reorder the list of Available Widgets. I thought that was a perfectly reasonable thing to try, and realized I would love to do that on every site. This seems even more reasonable considering that a user can already reorder Inactive Widgets.
I considered requesting that each widget be togglable via Screen Options, but I realize this wouldn't quite make sense given that a user could then hide an existing widget type. So among the options I can think of, I think the ability to reorder Available Widgets would be a relatively minor UI change with a potentially large UX improvement!" mrwweb
Tickets Awaiting Review 38031 Allow modifying args for the_widget Widgets 4.7 normal normal Awaiting Review enhancement new 2016-09-13T05:55:19Z 2016-09-13T19:31:25Z "Some plugins used function the_widget outside of sidebar with default args, this enhancement should be added to the next version so theme developers can modify args
Original code:
{{{#!php
`, where `%s` is the widget's class name.
* @type string $after_widget HTML content that will be appended to the widget's HTML output.
* Default ``.
* @type string $before_title HTML content that will be prepended to the widget's title when displayed.
* Default `

`.
* @type string $after_title HTML content that will be appended to the widget's title when displayed.
* Default `

', $link_html);
}
else {
return $link_html;
}
});
}}}" basteln3rk
Tickets Awaiting Review 30996 As a theme developer / user, I want to have the `current-cat` / `current-cat-parent` classes on the built-in Categories widget based on the current post Widgets 4.1 normal normal Awaiting Review enhancement new 2015-01-12T21:17:37Z 2015-08-06T17:32:33Z "In order to style the built-in Categories widget according to current post / page,
as a theme developer / user,
I want to have the `current-cat` / `current-cat-parent` classes on the built-in Categories widget based on the current post (i.e. on single post / page / custom post type).
Implementing this feature / enhancement will involve modifying `wp-includes/category-template.php`, specifically `Walker_Category#start_el`.
This is my first time submitting a ticket here, please correct me if I'm not following any guidelines. I did a search on existing tickets for such feature / enhancement but couldn't find any.
Thank you." LongYC
Tickets Awaiting Review 38888 Change `init` Priority For Hook: `widgets_init` Widgets 2.3 normal normal Awaiting Review enhancement new 2016-11-21T16:20:59Z 2016-11-21T16:33:57Z "The action/hook `init` is used for Custom Post Types and Custom Taxonomies to be registered.
Most developers register Custom Post Types and Custom Taxonomies on `init` with the default priority of (10) -- Especially since that's how the examples are illustrated in the documentation on how to register Custom Post Types and Custom Taxonomies.
Action/hook `widgets_init` is fired ON action/hook `init` with a priority of (1).
You can see this if you look in `default-filters.php` for:
{{{
// Widgets
add_action( 'init', 'wp_widgets_init', 1 );
}}}
'''So what's the problem?'''
Widgets are completely unaware of Custom Post Types and Custom Taxonomies, since they're registered on `init` with the default priority of (1) BEFORE the Custom Post Types and Custom Taxonomies are registered for the most part on `init` with a default priority of (10).
'''How to allow Widgets to be aware of Custom Post Types and Custom Taxonomies?
'''
Simple. Change the priority from (1) to (10).
{{{
// Widgets
add_action( 'init', 'wp_widgets_init' );
}}}
Thoughts? Would this effect anything else? Why was it initially set to (1)? Is there a reason for that?
If you want to make a push for the Theme Customizer, don't you think it would be beneficial for Widgets to be aware of Custom Post Types and Custom Taxonomies?" michael.ecklund
Tickets Awaiting Review 26624 Enhancement: Sidebars on backend should be fixed Widgets 3.8 normal normal Awaiting Review enhancement new 2013-12-14T16:24:59Z 2015-10-04T00:52:33Z "In 3.8 assigning a widget to a sidebar is not quite right. If you have long list of widgets you cannot scroll down and drag the widget on right inside the sidebars because its on very top.
The sidebars on right should have a fixed position, so that when you scroll down the sidebars scroll down with you.
imho, it should be like this for better UX:
http://www.screenr.com/UdVH
Thanks" tislam100
Tickets Awaiting Review 16613 Extend Widget API to allow sidebar/widget manipulation Widgets 3.1 normal normal Awaiting Review enhancement new 2011-02-21T22:55:17Z 2015-12-03T17:16:38Z "There is currently no easy way to add a widget to a sidebar using code. We should add methods of doing this.
A good example usage of such an API could be when a new theme is activated, it could add it's custom widgets to it's sidebar.
API should provide support for adding widget X to sidebar Y (or even just the first sidebar) along with setting some options for the widget and where in the sidebar to add it (top vs. bottom)." Viper007Bond
Tickets Awaiting Review 38248 Extend Widgets UX and Capabilities Widgets 4.7 normal normal Awaiting Review enhancement new 2016-10-06T18:11:29Z 2016-10-07T11:25:32Z "After some great discussion in #37974 and at the recommendation of @folletto, I wanted to create a ticket to help foster the discussion and improvement of widgets in WordPress. As @folletto said:
> Widgets are powerful. Widgets are also massively under-utilized in WordPress. We should totally work to make widgets easier to use, interact (drag'n'drop?).
Here are some critical questions to help guide this:
* How can widgets become more extendable within WordPress?
* How can widgets become easier to use for users?
* How can widgets be easier to work with for themers?
Let's figure out what the next version of Widgets looks like." davidakennedy
Tickets Awaiting Review 42324 Extending the use of the Text widget by adding heading drop down and alignment icons. Widgets normal normal Awaiting Review enhancement new 2017-10-24T15:21:35Z 2017-10-30T07:14:50Z "When the text widget was created it left out adding media (which has now been added for 4.9) but it does still not include adding a heading or alignment by clicking a button.
To make the text widget even more useful it would be nice to also include:
- Heading
- Alignment
These are typical features from TinyMCE that would improve the text widget.
" paaljoachim
Tickets Awaiting Review 43120 HTML Tag Auto-Formatting in Custom HTML Widget Widgets 4.9 normal normal Awaiting Review enhancement new 2018-01-17T21:12:25Z 2018-01-18T01:28:52Z "As a developer using WordPress multisite to manage a stable of client websites, I have quickly become a big fan of the Custom HTML widget. The syntax highlighting combined with the removal of the auto-paragraph formatting of text widgets has provided a much friendlier interface for my daily work building and maintaining sites.
However, in addition to syntax highlighting, the latest update has also introduced another new behavior that is quickly becoming the bane of my coding workflow. Typing the closing angle-bracket at the end of any block-level HTML tag initiates an auto-formatting routine that completely derails my coding process.
For example, typing {{{

}}} or {{{

}}} automatically generates the closing {{{

}}} or {{{

}}} tag after the cursor, respectively. This behavior mimics the automations of many popular IDEs, and it is a big time-saver if implemented well.
However, the current implementation in the Custom HTML widget takes the automation a step too far with block-level tags, also adding carriage returns and indentation to my code where I don't want either.
I understand that many coding best-practices prescribe this format to make code easier to read and maintain, which is true for coding in an adjustable-width IDE window or frame. But for the widget editor that's limited to a width of around 340 pixels (without accounting for padding), I prefer to organize my code into segments broken into logical blocks with whitespace between them and everything flush-left.
Currently, the contents of a typical Custom HTML widget in my environment look like this (line breaks added to approximate editor width):
{{{

Image 3 Title

Image 3 Caption

Image 4 Title

Image 4 Caption

[/su_column]
[/su_row]
[tabbyending]

}}}
Because I am using the Custom HTML widgets to build out large sections of pages within my sites, I end up having to scroll through lots of code within any single widget instance. Having a bunch of opening and closing tags on individual lines sprinkled with indents forcing extra text wraps is a pointless gesture that impairs quick-scanning and readability rather than improving it. This is especially true for sections involving deeply nested divs containing lengthy paragraph text and shortcodes.
Within the constraints of the editor, I would prefer the above code to appear in the below format (again, line breaks reflect real text-wrapping in the editor):
{{{

Image 3 Title

Image 3 Caption

Image 4 Title

Image 4 Caption

[/su_column]
[/su_row]
[tabbyending]

}}}
Because I prefer to keep my code flush left, the editor's auto-indentation for nested block-level tags keeps offsetting my closing tags and requires backspacing/deletion of both the indents and the carriage returns.
While I realize that many developers may prefer strict adherance to best-practices, I also expect those same developers ultimately prefer the ability to decide upon their own standards without having someone else assume what's best and impose those assumptions into their development environments.
I believe the best implementation of IDE features into the Custom HTML widget should involve the ability to adjust such formatting presets as they are introduced. This would allow end-users to apply such enhancements according to their individual preferences and prevent distractions from the introduction of unwelcomed ""improvements"".
Perhaps IDE preferences could be enabled through checkboxes below the editor pane for applying individual features:
- Syntax Highlighting
- Tag Completion
- Quotes Completion
- Auto-Indentation
and maybe even
- Line Numbers (to regain space in a constrained-width pane)
The editor would still perform analysis on each keystroke, but ""If Tag-Completion = false"" it could skip the tag completion subroutine, for instance.
My apologies for the verbosity of this ticket, but I wanted to fully illustrate my particular use-case.
As a frequent user of Custom HTML widgets, I am excited by the prospects of current and forthcoming enhancements, and I can't wait to see what improvements future updates bring." JosefNT
Tickets Awaiting Review 32065 Hide entire RSS widget when no items to display Widgets 4.2 normal normal Awaiting Review enhancement new 2015-04-22T16:53:38Z 2015-08-06T17:25:06Z "When a default RSS widget has no items to display, the following text is displayed: ""An error has occurred, which probably means the feed is down. Try again later.""
I don't believe that this message is particularly useful to readers and suggest that in the event that an RSS Widget is - for whatever reason - unable to display any items, that the widget just doesn't appear at all, rather than display an unhelpful and ugly message.
An alternative implementation is to conditionalize this output with something like current_user_can( 'edit_theme_options' ). This would allow users who can actually control Widgets to still see the output, but standard readers wouldn't have to see it." MadtownLems
Tickets Awaiting Review 27151 Live search of available widgets Widgets normal normal Awaiting Review enhancement new dev-feedback 2014-02-18T22:59:54Z 2017-07-07T20:42:22Z "On sites with lots of widgets, the act of scrolling to the bottom of the Widgets page, clicking a widget, and dragging the widget all the way to the top where your sidebar drop zone is can be painful.
Similar to the implementation of live search for themes, it would be nice to have a search box at the top of the ""Available Widgets"" div such that a user could use keywords to filter to a subset of available widgets.
Related #27112" danielbachhuber
Tickets Awaiting Review 28188 Make Natively-Outputted .widget_rss CSS Selector HTML5-Appropriate Widgets 3.9 normal normal Awaiting Review enhancement new 2014-05-09T05:57:31Z 2015-12-03T17:15:32Z "In regards to the natively outputted RSS Widget entitled `.widget_rss`, the post Author's name is currently outputted as wrapped in a `` tag.
An example of a natively outputted RSS feed block looks something like this for reference:
`Example RSSed PostApril 14, 2014

This is the space where the RSSed information appears. […]

Author`
Please note that the author of the RSSed post is being natively outputted as wrapped in the `` tag.
As per #27944 (ocean90's comment in particular) which references #24522 (re: proper way to tag comment authors), the natively outputted CSS selectors for the `.widget_rss` widget probably ought to be wrapped in something like: `` as opposed to ``.
Reiterating what ocean90 said: The `` tag is supposed to be used for a cited block of text (like a citation) rather than used to tag the/an author.
Additionally, changing the `` to `` will provide additional sitewide code uniformity (there's a word or phrase I am looking for and I can't remember it!) for a natively/vanilla outputted WordPress site (and especially if using a default WordPress theme) re: how author names are wrapped in tags.
Thanks!" EMG
Tickets Awaiting Review 32337 Menu and widget items removal without toggling Widgets normal normal Awaiting Review enhancement new 2015-05-11T07:23:29Z 2015-05-11T07:44:00Z "I have a proposal for Widgets and Menu sections in WordPress Dashboard. At first I have posted this in ideas section of wordpress.org and admin told me to post it here, so here it is.
I think that it would be great if there is an option to delete (remove) menu or widget item without toggling and opening their content. Maybe an X icon at the end. It would be really useful, much faster and easier to manage big menus and widgets.
Here are the screenshots of what i had in mind:
[http://s7.postimg.org/9obhywijv/menu_delete.jpg]
[http://s17.postimg.org/44ppdp7j3/sidebar_widgets_delete.jpg]
I hope this sounds good :)
All the best!" cookie_pa
Tickets Awaiting Review 35456 New args for apply_filters in WP_Widget_Archives Widgets normal normal Awaiting Review enhancement new needs-docs 2016-01-14T14:24:23Z 2016-03-17T09:10:15Z "I suggest add new arguments for Widget. For example I can use archive widget for another post types:
{{{#!php
We can’t find that audio file. Check your media library and make sure it wasn’t deleted.
> We can’t find that image. Check your media library and make sure it wasn’t deleted.
> We can’t find that video. Check your media library and make sure it wasn’t deleted.
> We can’t find that file. Check your media library and make sure it wasn’t deleted.
In two occasions we only use media type, but once we use ""file"" alongside of it and once we only use ""file"" and remove any mention of media (type).
I propose removing ""file"" completely and just using type of media. Second possibility is to always use ""file"", though I don't see that as needed." dimadin
Tickets Awaiting Review 35669 Store widgets in a custom post type instead of options Widgets 2.8 normal normal Awaiting Review enhancement new dev-feedback 2016-01-30T20:00:34Z 2017-11-01T15:03:27Z "Widget instances are stored in options. For a multi-widget (`WP_Widget`) the widget instances of a given type (`id_base`) are stored in a serialized array of instance arrays. A widget ID is comprised of a widget's `id_base` followed by a number which is the array index for that widget instance. For example, the third-created Text widget would have the ID `text-4` (note that multi-widget numbering starts at 2). Old single widgets do not include the numeric index after the `id_base`, and technically they could be stored anywhere (see #35656 for suggestion to deprecate old single widgets).
== Issues
There are several problems with how widgets are currently stored as options.
'''Scalability:''' For sites with a large number of widget instances, the entire collection of widgets must be unserialized with each request to access only one widget of a given type. (Note #23909 for how all widget instances get registered with every request.) For sites that use Memcached as an external object cache where cache buckets have a 1MB limit, since all widget instances of a given type are stored in a single option, sites with a huge number of widgets will overrun this limit. What's more is that widget options get registered as autoloaded, so all widget options will get combined together in the `alloptions` key, making widgets even more liable to overrun the 1MB cache bucket limit in Memcached.
'''Concurrency:''' Since all widget instances of a given type are stored in a single option, if two users attempt to update two separate widgets at the same time, it is possible that one of the updates will get lost (see #31245). Additionally, the widgets admin page and widgets in the Customizer both get loaded with the max number (array index) for each widget type. When a new widget instance is created, this maximum number is incremented in memory and used in the new widget ID which is then passed to the server for saving. If two users have loaded the UI at the same time, when they both create a widget of a given type and save their widget changes, the one who saves last will overwrite the other user's widget since the two widgets would have the same ID. (See #32183 for more about the widget ID collisions, and see [https://wordpress.org/plugins/customize-widgets-plus/ Customize Widgets Plus] for a “Widget Number Incrementing” component which uses Ajax to generate new widget IDs in a more concurrency-safe manner.)
'''Addressability:''' As noted above, widget instance IDs are comprised of the widget type's `id_base` followed by the array index `number`. Two different widget instances can have the same `number`, such as `search-3` and `text-3`, since the `number` is incremented in the scope of the instances of the given type. No other objects in WordPress are identified by strings in this way, that is as of now: taxonomy terms actually used to have to be addressed by a numeric term ID and taxonomy name until term splitting happened in 4.2 (see #5809). Now, however, a term can be uniquely identified by a single integer ID.
All of the above issues would be resolved by switching to store widget instances in a custom post type, where each widget instance has a single unique auto-incremented post ID.
== Advantages
Storing widgets in custom post type has several benefits beyond fixing the above issues, including:
* widget authorship attribution
* revision history
* import/export
* querying
* widget drafts
* scheduled widgets
== Data Migration
Migrating widgets from options to a custom post type would involve some tedious data migration to update all references to current `id_base-number` widget IDs to their new integer IDs. The old widget ID could actually be copied directly into the `post_name` field for the `widget_instance` posts. Backwards compatibility for the `sidebars_widgets` option containing the old-style IDs may be necessary. Newly created widget IDs could have `post_name` fields populated with the `id_base` followed by the post ID. This switch would also necessitate discontinuing to register all widget instances with every request (#23909).
== Sidebars and Widget Groups
Perhaps out of scope for this ticket, but the way that widgets get associated with sidebars should also perhaps be changed to follow the pattern of how nav menu items are associated with a nav menu via a taxonomy term. The implementing of widget groups (#19912) could be the right opportunity to do this, where a `widget_grouping` taxonomy could be introduced, and when a grouping is assigned to a sidebar, the backwards-compatible widget IDs could be copied into the existing `sidebars_widgets` option. Otherwise, backwards compatibility might entail adding `pre_option_sidebars_widgets` filter.
== REST API Impacts
For more on widgets and now they relate to nav menu items in the context of a harmonized interface via the REST API, see https://github.com/WP-API/wp-api-menus-widgets-endpoints/issues/10
== Feature Plugin
See the [https://github.com/xwp/wp-customize-widgets-plus Customize Widgets Plus] feature plugin's “Widget Posts” module for an initial implementation of storing widgets in a `widget_instance` custom post type. This plugin depends on #32474 which facilitated plugins to store widgets in posts instead of options." westonruter
Tickets Awaiting Review 10364 Usability problem on the Widgets admin interface azaozz Widgets normal normal Awaiting Review enhancement reopened 2009-07-09T04:48:56Z 2015-12-28T18:13:01Z "On the widgets page, when I have lots of widgets available it's a nightmare to drag and drop one by one on the intended sidebar.
I have to scroll down and up the page while keeping the mouse button pressed.
When someone is using a Notebook and no mouse it's really a pain.
And with all that netbooks today it's even worse.
What I think could be done: just put a toggle button (like the dashboard widgets) on each widget and when someone press this toggle button it opens a menu with some links like: add to sidebar 1, add to sidebar 2,...
This would really be a usability improvement since it's not usable the way it is now.
And off course the drag and drop doesn't need to be replaced. People should be able to use it either way.
If you have a big monitor, go for drag and drop since you should be able to view all your available widgets on multiple columns without the need to scroll down the page.
Otherwise just click the toggle and Add to sidebar." vteixeira
Tickets Awaiting Review 15550 WP_Nav_Menu_Widget needs a filter for args Widgets 3.1 normal normal Awaiting Review enhancement reopened dev-feedback 2010-11-23T21:48:57Z 2016-01-11T17:14:15Z "I have a very common need to change the walker of a menu printed by WP_Nav_Menu_Widget. The only way to do this is by injecting a new walker on the args array.
By so, I propose changing '''default-widgets.php''':
{{{
function widget($args, $instance) {
// Get menu
$nav_menu = wp_get_nav_menu_object( $instance['nav_menu'] );
if ( !$nav_menu )
return;
$instance['title'] = apply_filters('widget_title', $instance['title'], $instance, $this->id_base);
echo $args['before_widget'];
if ( !empty($instance['title']) )
echo $args['before_title'] . $instance['title'] . $args['after_title'];
wp_nav_menu( array( 'fallback_cb' => '', 'menu' => $nav_menu ) );
echo $args['after_widget'];
}
}}}
To:
{{{
function widget($args, $instance) {
// Filter for args
$args = apply_filters('nav_manu_widget_args', $args);
// Get menu
$nav_menu = wp_get_nav_menu_object( $instance['nav_menu'] );
if ( !$nav_menu )
return;
$instance['title'] = apply_filters('widget_title', $instance['title'], $instance, $this->id_base);
echo $args['before_widget'];
if ( !empty($instance['title']) )
echo $args['before_title'] . $instance['title'] . $args['after_title'];
wp_nav_menu( array( 'fallback_cb' => '', 'menu' => $nav_menu ) );
echo $args['after_widget'];
}
}}}
" brodock
Tickets Awaiting Review 27405 Widget Customizer: Fade out sidebar sections that lack any rendered widgets Widgets 3.9 normal normal Awaiting Review enhancement new 2014-03-13T21:44:19Z 2017-06-07T00:24:28Z "Currently when there is a widget that is not rendered in the current URL being previewed (e.g. via Widget Visibility), the widget control in the customizer will become semi-transparent to indicate it is not being rendered. The same semi-transparent indicator would be useful for sidebars that are empty or which lack any rendered widgets.
Originally reported in https://github.com/x-team/wp-widget-customizer/issues/76" westonruter
Tickets Awaiting Review 29790 Widgets don't know the widget area context they're in Widgets normal normal Awaiting Review enhancement new dev-feedback 2014-09-29T12:44:45Z 2015-04-27T18:20:31Z "If you have a widget in a widget area (both on the admin side and front-end side) it does not know in which widget area it is in.
Use cases for this would be:
- custom filtering and/or styling on the front-end of a widget based on its location.
- having some editor options turned on/off based on widget-area." ruud@…
Tickets Awaiting Review 17201 dynamic_sidebar performance Widgets 3.1 normal normal Awaiting Review enhancement reopened has-patch 2011-04-21T07:48:22Z 2015-09-02T02:13:58Z "I've got a few dynamic sidebars (say 6 or 7) and the dynamic_sidebar function spends 1/4 of a second only calling sanitize_title.
See the piece of code on wp-includes/widgets.php:
{{{
if ( is_int($index) ) {
$index = ""sidebar-$index"";
} else {
$index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
if ( sanitize_title($value['name']) == $index ) {
$index = $key;
break;
}
}
}
}}}
That's occurs evenf if you provide an id, and not the sidebar name.
We could avoid that by checking before trying to use the sidebar name if a sidebar exists with that id.
Like so...
{{{
if ( is_int($index) ) {
$index = ""sidebar-$index"";
} elseif ( empty($wp_registered_sidebars[$index]) || !array_key_exists($index, $sidebars_widgets) || !is_array($sidebars_widgets[$index]) || empty($sidebars_widgets[$index]) ) {
$index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
if ( sanitize_title($value['name']) == $index ) {
$index = $key;
break;
}
}
}
}}}" mrubiolvn
Tickets Awaiting Review 4280 Allow to constrain widgets being displayed on certain page types only mufasa Widgets 2.2 low minor Awaiting Review feature request reopened 2007-05-17T06:46:19Z 2016-05-04T15:13:55Z "The only real added value of the Sidebar Modules (SBM) plugin right now is the possibility to customize, which widgets are to be displayed on which pages (setting at Sidebar Modules//Module's Options/Display On).
With this you are able to highly customize your sidebars even down to a single post's page.
It might also make sense to define sidebars per category a post is in.
However, it makes the most sense to have different sidebars on the Homepage, different static pages and posts pages." torbens
Candidates for Closure 41818 Add widget-title to default widget for consistency Widgets 4.9 lowest minor Awaiting Review defect (bug) new close 2017-09-06T17:48:32Z 2017-09-06T18:19:47Z `widgettitle` appears only in 3 places within core. Everywhere else it is `widget-title`. This patch makes everything consistent. wpsmith
Candidates for Closure 42690 Custom HTML Widget? Widgets 4.9 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-11-24T15:17:07Z 2017-11-25T22:10:10Z "Your Custome HTML Widget no longer accepts HTML
Cannot enter amazon banners, adsense banners or any other html coded banners" bollox
Candidates for Closure 42770 Custom HTML Widgets & Google Tracking Widgets 4.9.1 normal normal Awaiting Review defect (bug) reopened reporter-feedback 2017-12-01T16:39:41Z 2017-12-07T06:41:30Z "Cannot save valid HTML code in the Custom HTML Widget if it contains Google outbound tracking links. It generates the ""There are XX errors which must be fixed before you can save.""" MacLeroy
Candidates for Closure 42224 Custom HTML widget is flagging errors on non-HTML Widgets 4.9 normal normal Awaiting Review defect (bug) new close 2017-10-14T18:08:38Z 2017-10-19T18:52:49Z "Because I had trouble putting a `

` tag into the Text Widget (See #42222), I tried to put it into a Custom HTML widget. But the Code Editor is flagging errors on my text, and won't let me Save the widget.
Additionally, it says there are 6 errors, when it shows 2 errors and 4 warnings. Do warnings have to be fixed to Save?" joyously
Candidates for Closure 40989 Image Widget not working in wp 4.8 Widgets 4.8 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-06-10T09:19:32Z 2017-07-31T17:22:28Z Not working image widget link in WordPress 4.8 imranaliweb
Candidates for Closure 39592 Recent posts widget doesn't filter post types properly Widgets 4.7.1 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-01-15T13:34:46Z 2017-01-22T01:33:24Z "When browsing by a tag f.ex. `/tag/books/`the Recent Posts widget is showing some really weird items alongside the actual posts. On my personal site, one is called ''Home'' but with a link for `/2016/12/30/home-2` (which is broken), and the next few are simply named ''752'', ''751'' and ''750'', again leading to `/2016/12/30/75x` (which are all broken). Looking in the database, these are not posts but rather have post_type `nav_menu_item`:
{{{
mysql> SELECT ID,post_date,post_type,post_name FROM blog_posts WHERE post_name='home-2' \G
*************************** 1. row ***************************
ID: 761
post_date: 2016-12-30 17:36:22
post_type: nav_menu_item
post_name: home-2
1 row in set (0.00 sec)
}}}
''(I'm only showing one record here, but they all have the same post type)''
I posted this on the wordpress.com support forums, but without getting an answer. So I went on to try and edit the source for the recent posts widget in order to apply an explicit filter, but this didn't fix the problem either.
I have also tried using other recent posts widget plugins, but they all suffer the same problem. So while this likely has to do with the internals of WP_Query and the filtering code, I'm submitting this under component ''Widgets'' as it is only the widgets that seem to break." noccy
Tickets Needing Feedback 43039 Resize capability missing from Custom HTML widget Widgets 4.9.1 normal normal Future Release defect (bug) new reporter-feedback 2018-01-08T00:02:45Z 2018-01-08T18:19:03Z "I'm using WordPress 4.9.1 with the theme Prolio 2.6.1
I had fallen behind in updating and just updated to current versions.
I'm using Text widgets on my homepage, and the text widget editor used to allow both vertical and horizontal resizing by dragging the resize icon in the lower-right corner.
Now I can only resize Text widgets vertically!
I also started using the Custom HTML widget, as recommended.
But the Custom HTML widget is not showing a corner resize icon at all so I cannot resize it, and it is a small rectangular editing pane with a larger font than before, and very awkward to use (although it would be wonderful if I could enlarge it).
I used Firefox's Tools > Web Developer > Inspector to find the CSS for the editing window:

...

...
...

...

...

I find that I can change that last line to:

and that enables the bidirectional resize corner that I need!
But of course that only affects the running instance. I have no idea how to tweak the code so that change becomes the default.
Before I look into creating my own customized version of the Custom HTML editor, I'm wondering whether this very minor change could be incorporated into the next release of these tools, so I don't have to do that work myself, and so other people can benefit from it.
I don't actually know whether this is a request for the WP team or the Prolio team, so I'm starting with the WP team.
Thanks for your consideration,
-- Paul Tukey paul.tukey@gmail.com
" paultukey
Candidates for Closure 42081 Some widget controls are too wide for their container Widgets 3.8 normal minor Awaiting Review defect (bug) new close 2017-10-03T23:21:05Z 2017-10-03T23:31:51Z "When using the Appearance -> Widgets screen, the controls for the `Custom HTML`, `RSS`, and `Text` widgets are too wide for the container, and overflow to the left.
This only happens when a theme is in use which has more than one widget area and therefore causes two columns of widget areas to appear on the Widgets screen.
All three widgets are being given a left margin of `-28px` at runtime.
All the other default widgets are fine, and all widgets are fine when used in the Widgets panel in the Customizer.
The issue has been present since the introduction of the MP6 admin design in 3.8." johnbillion
Candidates for Closure 38723 Widget correct number is not displayed into the global $wp_registered_widgets array Widgets 4.7 normal normal Awaiting Review defect (bug) reopened close 2016-11-09T01:11:14Z 2016-11-20T00:57:52Z "When displaying the array on the page (widget.php)...
{{{#!php
';
print_r( $wp_registered_widgets );
echo '';
}}}
I get the widget number value incorrect, it is the maximum number of widgets of the current widget type.
'''How to replicate my problem?
1. Fresh install
2. Drag 2, 3 or more widgets to a sidebar
3. paste the this code in the functions.php file of the theme..
{{{#!php
';
print_r( $wp_registered_widgets );
echo '';
} add_action( 'widgets_admin_page', 'show_registered_widgets' );
}}}
4. Go to widgets.php page and you will see a big array with all widgets
Find the widgets you added to the siderbar, and if you look close in the that object of the widget array, you can find that the number is incorrect.
Take a look to this screenshot of what you will see...
http://alexvorn.com/wp-content/uploads/2016/11/why3.png
" alexvorn2
Candidates for Closure 42631 Widget visibility settings not preserved Widgets 4.9 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-11-19T23:32:06Z 2017-11-20T23:13:48Z "Changes to widget visibility settings that are neither all off or all on are erratically changed upon close/save of the visibility pop-up. I've tried to save specific page display settings for widgets on two different browsers (FireFox and Chrome) and both produce the same result:
If a widget is to display only on pages A, B, C, and D; what is stored is randomly, A, C, E, F, G, and L. Or maybe A, B, C, G M, N, and P. Who knows. If all pages are off, they'll stay off. If all pages are on, they stay on.
In the same vein, paging through the lists screws up items selected items on each page too. All de-selected items will be re-selected when you go to another page.
" Blackhawke
Candidates for Closure 33180 Widgets not preserved after switching theme and deactivate plugins Widgets 2.8 normal normal Awaiting Review defect (bug) new dev-feedback 2015-07-29T17:59:40Z 2015-09-05T19:18:07Z "Steps to reproduce:
- Activate any plugin with available widget.
- Use this widget in sidebar of actual theme.
- Deactivate all plugins.
- Switch theme (for example Twenty Fifteen).
Note: These steps are frequently used for debugging problems.
- Switch back to previous theme.
- Activate all plugins.
Expected result: Widget is still active and visible.
Current result: Widget is missing. When used together with any core widget, then this widget is preserved during workflow above." pavelevap
Tickets Needing Feedback 33602 is_active_sidebar returns true when widget has been deactivated Widgets 4.3 normal normal Future Release defect (bug) assigned reporter-feedback 2015-08-30T03:10:32Z 2015-09-09T12:59:17Z "When I activate a plugin (in this case Ultimate Social Media and Share icons)
Add the widget to my sidebar area
Deactivate the plugin
The widget is no longer visible in the sidebar
BUT
is_active_sidebar still returns true" karlikdesign
Candidates for Closure 32470 Abstracting the Widget Classes Widgets normal normal Awaiting Review enhancement new dev-feedback 2015-05-23T03:42:13Z 2015-07-06T19:50:11Z "Starting a discussion on the best way to abstract out the functionality of WP_Widget and the built in widgets in default-widget.php.
Related #23012
" welcher
Unpatched Enhancements 10976 Add before_content and after_content to widget options azaozz Widgets normal normal Future Release enhancement reopened dev-feedback 2009-10-19T08:17:10Z 2016-04-13T10:50:57Z "Hi,
I'd like to request adding a two new parameters to the widget array for easier customization when creating themes.
Parameters are : before_content and after_content (naming can be different)
Basicaly we have now before_widget, after_widget, before_title and after_title and it's working great, but if while creating a theme you'd like to add more complexity to the graphics surrounding widget you have to add more divs etc. to make it work and look great, and if you got some divs or anything else between title and content you got a problem. Sure you can put the code in the after_title and it will work, but what in case if someone will decide to leave the title empty ? Your widget lacks code and your theme messes up.
Please consider it! :)" newkind
Tickets Needing Feedback 25419 Add icon support for widgets on the admin page and customize screens Widgets 3.9 low minor Future Release enhancement new dev-feedback 2013-09-25T17:05:07Z 2018-03-05T20:34:27Z With the incorporation of live widget previews (widget customizer), an available widget browser is displayed which lists all widgets along with a dashicon for each. These icons should be incorporated into the widgets admin page now, as well. westonruter
Candidates for Closure 38270 Better handling of widget errors Widgets 4.7 normal normal Awaiting Review enhancement new close 2016-10-09T15:34:33Z 2016-10-09T18:26:33Z "This change makes debugging broken widgets a lot less painful -- in case of errors in widgets this will allow the site to load and the developer to see the error messages instead of just blowing up with the ambiguous error message ""Class not defined"".
https://github.com/WordPress/WordPress/pull/207#issuecomment-252338814" dustwolf
Candidates for Closure 31085 CPT selector to “Recent Posts” widget Widgets 4.2 normal normal Awaiting Review enhancement new dev-feedback 2015-01-21T11:18:12Z 2015-12-12T23:27:44Z "I think that ""Recent Posts"" widget should support selection to show all posts or only in selected CPT." sippis
Candidates for Closure 28615 Display more columns of widgets on widgets.php page if resolution size is very large Widgets 3.9.1 normal trivial Awaiting Review enhancement new dev-feedback 2014-06-23T16:22:43Z 2015-12-03T06:56:09Z "Currently we have one column of widgets if the browser size is below 1250px and 2 columns if is 1250px or more...
Maybe if browser size if bigger than 1700px to show 3 columns
if more than 2200px - 4 columns... or something like that" alexvorn2
Tickets Needing Feedback 20542 Extend register_widget to allow passing params as second argument codearachnid Widgets 3.4 normal normal Future Release enhancement new close 2012-04-25T11:56:19Z 2017-01-04T06:15:05Z "I ran into an issue recently where I needed to make multiple calls of `register_widget('my_custom_class');` on the same class and have multiple unique widgets registered.
The problem I ran into is that every time the same class is called it will overwrite the last instance of the same class during the widget constructor request `parent::__construct('unique_id', 'widget title');` This does not allow for reuse of the same class to instantiate multiple widgets. I found that if I were to extend the register method in WP_Widget_Factory to pass through arguments into the extended WP_Widget constructor that I can reuse the same class for multiple widget registations. I am working out the logic to implement this directly into /wp-includes/widgets.php for future functionality improvement." codearachnid
Tickets with Patches 41081 Improve Custom Menu widget, show notification if menu is empty or no menu selected mdifelice Widgets 4.9 normal normal Future Release enhancement assigned dev-feedback 2017-06-16T13:33:58Z 2017-10-03T03:36:00Z "If you choose a menu for Custom Menu widget and we remove all items in that menu OR the menu is not selected -> nothing shows on the page.
Maybe we should add a text message that will inform the user that the menu is empty or is not selected?" alexvorn2
Unpatched Enhancements 39909 Make title behaviours consistent across all widgets on first load westonruter Widgets 2.8 normal normal Future Release enhancement reopened dev-feedback 2017-02-17T19:17:20Z 2018-02-12T16:15:24Z "On first load the word 'Archives' outputs as the Widget title but it doesn't appear in the input field. If there is a default text, perhaps it should show. This could also assist by users making the connection with the words and where they can edit.
For example:
[[Image(https://cldup.com/EK1v0wxGX1.png, 50%)]]
Another example, the Calendar widget has no title and compared to the examples above this feels weird. What I think should happen is that the same title behaviour occurs for all widgets when you first load them." karmatosed
Candidates for Closure 35475 New functions: `current_widget` and `current_widget_id` Widgets normal normal Awaiting Review enhancement reopened reporter-feedback 2016-01-15T16:08:56Z 2016-01-31T20:22:32Z "This is alternative for ticket #35456. In widgets we can use different filters and actions. For example we use the_title filter but in widget we don't want (this is abstract example). So:
{{{#!php
" dubaicarmelschool
Tickets Needing Feedback 35656 Deprecate old single (non-multi) widgets Widgets 2.8 normal normal Future Release enhancement new dev-feedback 2016-01-29T08:52:23Z 2017-01-04T06:24:50Z "Widgets were introduced to Core in 2.2. These initial widgets only allowed one instance of a given widget to be registered at a given time. In 2.8 the `WP_Widget` was introduced which allowed for multiple instances of a widget type to be added, but more importantly it introduced an object-oriented MVC-ish paradigm for representing widgets. The `WP_Widget::update()` callback allows for a given widget instance to be sanitized without having to actually save it to the database. This ability is key for previewing widgets in the Customizer. In addition to the `update` callback, the `WP_Widget` can have schema information attached which works in conjunction with `update` to sanitize and validate a given widget for the REST API, for automatically generating a widget form, and automatically providing default values for a widget instance (see #35574). All of this is not possible with the old single widgets.
I believe it is time to deprecate old single widgets so that widgets can evolve. If support for old single widgets is removed in 4.5, then in 4.6 (or later) support can be removed which could clean up quite a bit of the widgets codebase, including the brittle “option transactions” functionality that was added to widgets in the Customizer.
Once single widgets are removed, moving widgets from being stored in options to a custom post type will be facilitated: #35669." westonruter
Tickets Needing Feedback 31020 Introduce discrete capability for managing widgets johnbillion Widgets normal normal Future Release enhancement assigned needs-unit-tests 2015-01-15T07:11:15Z 2017-07-14T19:41:15Z "As with management of nav menus (#29213), managing widgets currently requires `edit_theme_options` capability, a capability associated with administrators which grants the power to make many wide sweeping changes. There should be a discrete capability `manage_widgets` just for managing widgets, one that is inherited for anyone who has `edit_theme_options` by default. This was done for Customizer access in #28605 with the introduction of a `customize` capability.
Originally brought up in #14386.
The same is proposed for menus in #29213." westonruter
Tickets Needing Feedback 40830 Widgets: add a warning that changes are published instantly on the admin screen Widgets 3.9 normal normal Future Release enhancement new has-patch 2017-05-20T18:43:49Z 2018-03-02T14:48:14Z "Every change made on the widgets admin screen is published instantly, making it live on the user's site. This includes adding a widget without configuring any settings and other things that probably shouldn't go live before they're ready. For this reason, we added a ""manage with live preview"" link to this screen previously.
To further emphasize the usability problems with this screen and the availability of an alternative, particularly for new users that may find themselves here, we should add a warning to the widgets admin screen that clearly states that changes are published immediately and deep-links to the live preview version. This could also reduce confusion here and elsewhere, as this may be the only place in wp-admin where changes are saved without clicking any sort of publish/submit button." celloexpressions
Tickets Needing Feedback 16443 We need a way to programmatically tell if we are in a sidebar Widgets 2.2 normal normal Future Release feature request new dev-feedback 2011-02-02T20:10:28Z 2015-12-03T15:01:16Z There is currently no way to tell if you are in_a_sidebar or doing a widget which makes me a sad stallman lookalike. jorbin
Tickets Needing Feedback 27404 Widget Customizer: Allow adding inactive widgets to widget areas melchoyce Widgets 3.9 normal normal Future Release feature request assigned 2014-03-13T21:24:35Z 2018-01-15T17:39:57Z "Currently a user may add new widget instances to widget areas in the customizer, and they may remove these widgets to send them to the inactive widgets area (aka widget trash). However, there is currently no way to restore these inactive widgets to widget areas without leaving the customizer and going to the widgets admin page.
The widget addition panel should be extended to also list out inactive widgets.
Originally reported at https://github.com/x-team/wp-widget-customizer/issues/46
Related: #39693" westonruter
Tickets with Patches 12722 Concurrent editing of widgets azaozz Widgets normal normal Future Release defect (bug) new has-patch 2010-03-26T18:07:46Z 2015-04-29T09:23:20Z When two admin users edit widgets at the same time which ever one saves last wins. I think we'd need something like the post edit lock to be able warn users when someone else is already editing widgets. josephscott
Tickets with Patches 38133 "Core widget fields fail to render value of ""0"" when empty() checks are used" stevenkword Widgets 2.6 normal normal Future Release defect (bug) reviewing has-patch 2016-09-22T19:52:55Z 2016-11-02T22:42:15Z "If you put a single zero 0 the instance property for in many default widgets, it won't output any thing if an `empty()` check is used since `empty( '0' ) === true`. You can try putting a 0 in any widget title or content. It works if you put 00 or anything else.
The reason being our use of `empty( $variable )` and `! empty( $variable )` in the default widgets. `empty` returns FALSE if var exists and has a non-empty, non-zero value.
So it will be better to use `isset( $variable) && $variable != ''` instead. Wanted to submit a patch but wanted to know if above method will be the best one." hardeepasrani
Tickets with Patches 40775 Remove number in placeholder in translation string Widgets 4.8 low normal Future Release defect (bug) new has-patch 2017-05-16T04:17:14Z 2017-06-01T18:50:15Z "`/src/wp-includes/widgets/class-wp-widget-media-video.php` line 45
{{{
'unsupported_file_type' => sprintf( __( 'Sorry, we can’t display the video file type selected. Please select a supported video file (%1$s) or stream (YouTube or Vimeo) instead.' ), '.' . implode( ', .', wp_get_video_extensions() ) . '' ),
}}}" rabmalin
Tickets with Patches 37451 Widget Sidebars Title text overflow ovann86 Widgets normal normal Future Release defect (bug) assigned has-patch 2016-07-25T05:29:30Z 2018-02-09T13:53:52Z Title text of widget section overflow gk.loveweb
Tickets with Patches 33915 Add a filter in dynamic_sidebar() function to modify sidebar index Widgets 4.3 normal normal Future Release enhancement new needs-unit-tests 2015-09-17T15:04:28Z 2016-02-24T11:48:07Z Changing sidebars depending on the page/post/etc loaded through a plugin. Nothing too complex, just no way to do it. There is a filter dynamic_sidebar_params but that isn't called until later on in the function after the widgets have been collected for that sidebar. fahidjavid
Tickets with Patches 24856 Authors widget to highlight authors Widgets 3.8 normal normal Future Release enhancement new has-patch 2013-07-28T20:31:03Z 2016-02-09T15:47:04Z "Add a new widget to display a grid or list of Authors in a widget. Linking to their published posts.
This is slated for 3.8. Development will occur in a plugin first." lancewillett
Tickets with Patches 21165 Make categories widget work with custom taxonomies wonderboymusic Widgets normal normal Future Release enhancement reopened has-patch 2012-07-05T14:15:13Z 2016-02-29T02:09:52Z "The tag cloud widget already has a taxonomy dropdown.
We should add one for the categories widget as well." scribu
Tickets with Patches 34093 New filter: `get_calendar_post_type` in get_calendar() Widgets normal normal Future Release enhancement new needs-unit-tests 2015-09-30T06:19:27Z 2016-10-07T20:09:03Z Filter for post type in calendar. If I want show posts from others post type sebastian.pisula
Tickets with Patches 27299 Order the available widgets in the Widgets admin page Widgets normal normal Future Release enhancement new has-patch 2014-03-06T17:11:24Z 2015-10-13T01:08:44Z "The list of available widgets is always sorted alphabetically. Adding a hook would allow us to prioritize the order.
Sample patch attached." nofearinc
Tickets with Patches 23328 While editing widgets in accessibility mode the position can be indicated by widget titles instead of numbers afercia Widgets normal normal Future Release enhancement assigned has-patch 2013-01-30T18:32:33Z 2017-10-02T16:07:18Z "Guess it title says it all. Right now you need to figure out the position you want the widget to be at and try remember it while editing the widget.
I suggest to change the text text of the position column header from ""position"" to ""position after"" and use labels in the drop down
1 => ""top""
2 => top widget title
3 => second widget title[[BR]]
etc" mark-k
Tickets with Patches 30359 Widget Areas should stick to the browser viewport ajensen Widgets 4.0 normal normal Future Release enhancement assigned has-patch 2014-11-17T04:06:02Z 2018-02-12T20:48:44Z "Similar to what we've done with the admin menu and meta boxes on the post screen, when you scroll down the list of available widgets, the widget areas should stay within the viewport if possible instead of simply having white space visible.
This is far more obvious on a site which has lots of widgets (such as WordPress.com) which results in dragging widgets from the lower end of the available section to an area difficult.
We do have alternative methods of adding widgets (Clicking and the Customizer) but I think this would be a huge win for the Widget screen." dd32
Tickets with Patches 29319 filter dayswithposts in widget calendar Widgets 3.0 normal normal Future Release enhancement new needs-unit-tests 2014-08-22T14:28:53Z 2017-10-02T16:14:34Z "Hello
here is Konrad, WPML developer. We are fighting now with bug related WordPress calendar widget: it always displays all posts, and we want to filter its results regarding to language of post.
Steps to reproduce:
1. install WPML
2. publish some post in En language July 1st
3. translate this post July 2nd to Polish language
4. activate calendar widget
Result: calendar will show that there are posts in July 1st and 2nd.
Expected result: when user displays English posts, calendar should display only July 1st. When user switches to Polish language, calndar should display only July 2nd.
We want to fix this in WPML but we need filter inside of get_calendar() function.
Wordpress gets days with posts by this query inside of get_calendar():
{{{
$dayswithposts = $wpdb->get_results(""SELECT DISTINCT DAYOFMONTH(post_date)
FROM $wpdb->posts WHERE post_date >= '{$thisyear}-{$thismonth}-01 00:00:00'
AND post_type = 'post' AND post_status = 'publish'
AND post_date <= '{$thisyear}-{$thismonth}-{$last_day} 23:59:59'"", ARRAY_N);
}}}
The result should be able to filter, then WPML will hook here.
I am attaching proposed diff file.
(I see that we can hook into get_calendar filter but this variable has full html output of calendar. This will unefficient to parse this HTML)
" kkarpieszuk
Unpatched Bugs 42822 CodeMirror: HTML attributes values hints not fully operable with a keyboard Widgets 4.9 normal normal Future Release defect (bug) new 2017-12-07T09:38:16Z 2017-12-18T16:04:25Z "To reproduce, add an HTML widget either in the Widgets screen or in the Customizer:
- start typing a HTML tag, for example "" 1, id => 'first') ); }}}
dynamic_sidebar() will not be able to find the sidebar given its name (1).
{{{
if ( is_int($index) ) {
$index = ""sidebar-$index""; /// 1 becomes 'sidebar-1'
...
}}}
The main problem is that dynamic_sidebar() is trying to process both IDs and names through the same variable ($index) while register_sidebar() separates the two with an array ( array('name' => 'Top', 'id' => 'sidebar-1' ).
According to the in-line docs for dynamic_sidebar():
It is confusing for the $index parameter, but just know that it should just work. When you register the sidebar in the theme, you will use the same name for this function or ""Pay no heed to the man behind the curtain."" Just accept it as an oddity of WordPress sidebar register and display.
It does ""just work"" if you never use your own sidebar IDs.
I started looking at this because I wanted to use is_active_sidebar() which tests to see if a dynamic_sidebar() has anything in it. There is no get_dynamic_sidebar(). dynamic_sidebar() sends everything to the browser or returns false.
{{{
register_sidebar( array('name' => 'Top') ); // id defaults to ""sidebar-1""
...
if ( is_active_sidebar('Top') )
dynamic_sidebar('Top');
}}}
Which fails because is_active_sidebar() just completely skips over searching for an id to go with a name. To get it to work you need to know when it was registered. Not something theme authors and designers are going to follow easily. There's a ticket to fix this: [http://core.trac.wordpress.org/ticket/10440 #10440]
{{{
if ( is_active_sidebar(1) )
dynamic_sidebar('Top');
}}}
Like dynamic_sidebar(), is_active_sidebar() converts 1 to ""sidebar-1"". Unlike dynamic_sidebar() it assumes everything is entered as an id.
unregister_sidebar() assumes its parameter (incorrectly named $name, not $id) is an id. But it wants a literal id, like ""sidebar-1"". unregister_sidebar(1) unregisters a sidebar with an id of 1, while dynamic_sidebar(1) tries to display a sidebar with an id of ""sidebar-1"".
=== Widgets (Admin Page) ===
The dynamic_sidebar() function is used by the Widgets management page. So, it is possible to create a sidebar with register_sidebar() that dynamic_sidebar() cannot find. You can populate it with drag and drop [2] and not have it appear on the web site.
== After Patch ==
If committed, this patch would remove the need for tickets [http://core.trac.wordpress.org/ticket/10440 #10440] and [http://core.trac.wordpress.org/ticket/10956 #10956]. It changes the current argument behavior of unregister_sidebar(), but doesn't break backward compatibility. It allows is_active_sidebar(), unregister_sidebar() and dynamic_sidebar() all point to the same sidebar.
=== Before ===
These all refer to the same sidebar:
{{{
is_active_sidebar(1);
unregister_sidebar('sidebar-1');
dynamic_sidebar('Sidebar Top');
}}}
In an admittedly contrived case, dynamic_sidebar() would silently fail to allow this sidebar to show:
{{{ register_sidebar( array('name'=>'Sidebar Top', 'id' => 1) ); }}}
=== After ===
These all refer to the same sidebar (the first two would have broken before the patch):
{{{
is_active_sidebar('Sidebar Top');
unregister_sidebar('Sidebar Top');
dynamic_sidebar('Sidebar Top');
}}}
After the patch this shows fine:
{{{ register_sidebar( array('name'=>'Sidebar Top', 'id' => 1) ); }}}
After the patch it is possible to force an argument to be only a name or only an id:
{{{
is_active_sidebar(array( 'name' => 'Sidebar Top' ));
unregister_sidebar(array( 'name' => 'Sidebar Top' ));
dynamic_sidebar(array( 'id' => 1 ));
}}}
=== Notes ===
[1] register_sidebar() allows the user to override the default setting of: 'id' => ""sidebar-$i"",
[2] When you refresh the Widgets management page the widgets will disappear from the sidebar. They are still attached to a sidebar, but dynamic_sidebar() cannot see the sidebar." CharlesClarkson
Unpatched Bugs 43151 Media widgets shouldn't use a clickable div as an UI control Widgets 4.8 normal normal Future Release defect (bug) new 2018-01-23T23:12:26Z 2018-02-05T16:11:38Z "All the new media widgets (image, audio, video, gallery) display a media ""placeholder"":
[[Image(https://cldup.com/niQGhcAASo.png)]]
It has a double functionality:
- it displays an informative message, e.g. ""No image selected""
- it's clickable to open the media modal
However, this clickable placeholder is actually a clickable `

` element. Elements that are non-natively interactive shouldn't be used as UI controls. In the last years. WordPress has been progressively addressing this issue across the whole admin interface, [https://core.trac.wordpress.org/query?keywords=~semantic-buttons trying to use semantic and natively interactive elements] instead.
The introduction of clickable `

` elements in core is a regression compared to the best practices used in the last years. Additionally, it's an accessibility barrier, as these elements can only be used with a pointing device and there's no way to use them with other devices, e.g. with a keyboard.
The same issue was discussed at length for the similar ""placeholders"" in the customizer, see #34323. There was also a [https://wordpress.slack.com/archives/C02S78ZAL/p1462228081000246 discussion on Slack] with different opinions, which highlighted how such a pattern is controversial.
Regardless of all the feedback, suggestions, and expertise provided previously, these clickable `

` elements are now implemented in the media widgets. Worth noting they just duplicate the functionality of the ""Add media"" buttons placed below them.
They also introduce a new inconsistency in core: in the Customizer there are other ""placeholders"" that visually look the same but they're ''not'' clickable:
[[Image(https://cldup.com/Pfbgq2z4yW.png)]]
We've discussed again this pattern in a [https://wordpress.slack.com/archives/C02RP4X03/p1516038456000043 recent weckly accessibility meeting on Slack], and agreed on all the points previously discussed.
The root cause of the issue is this placeholder is visually designed to look like a clickable control. However, it's labeled just with an informative message. Since it's immediately followed by an ""Add media"" button that does the same thing, it's not clear why the placeholder should be clickable in the first place.
As pointed out in all the resources linked above, it should be either a real button (thus, the Add Media button would be redundant) or be just text, and look like just text.
" afercia
Unpatched Bugs 32183 Widget ID auto-increments conflict for concurrent users westonruter* Widgets 2.8 normal normal Future Release defect (bug) accepted 2015-04-29T09:20:46Z 2017-06-07T00:20:40Z "Each WP_Widget 2.0 “multi-widget” gets an index number associated with each instance of a give type. When you add a widget, this number gets incremented (`widget.set( 'multi_number', widget.get( 'multi_number' ) + 1 );`). The initial multi-number is calculated from the `next_widget_id_number()` function which takes the max number currently used, and increments it by one. The same approach is used in the widgets admin page and the Widget Customizer.
For frequently-used widgets, the above problem will happen frequently where two users will try to add the same widget at the same time, and thus they will start out with the same initial `multi_number`, resulting in the same widget ID. When they both save their changes, one user's widget will override the other user's widget: whoever saves last. Likewise, it is possible for multiple widgets to be deleted in one session (from the widgets admin page, since Customizer only removes widgets by moving them to the Inactive Widgets sidebar) then new ones added back in other sessions and the initial `multi_number` will not be consistent. In other words, the `multi_number` for each widget type needs to be synced across each Customizer session along with the actual setting values.
For concurrent editing of widgets, see:
#31436: Handle conflicts in concurrent Customizer sessions
#12722: Concurrent editing of widgets (on admin page)" westonruter
Unpatched Bugs 36851 Widgets don't remove hooks after being unregistered Widgets 2.8 normal normal Future Release defect (bug) new 2016-05-16T15:28:57Z 2017-06-28T16:29:44Z "In `WP_Widget_Recent_Comments::__construct()`, there is this bit of code:
{{{#!php
id_base ) || is_customize_preview() ) {
add_action( 'wp_head', array( $this, 'recent_comments_style' ) );
}
}}}
If `unregister_widget( 'WP_Widget_Recent_Comments' )` is called, this added `wp_head` action is still going to persist unexpectedly. At the moment, I believe the only way to remedy this inside such widgets themselves would be to check to see if the widget is still among `$wp_widget_factory->widgets` when the action callback is called (here the `recent_comments_style` method). From outside the widget, the alternative is would be to do:
{{{#!php
widgets['WP_Widget_Recent_Comments'];
unregister_widget( get_class( $widget ) );
remove_action( 'wp_head', array( $widget, 'recent_comments_style' ) );
}}}
Neither of these options are great.
Perhaps there should be new `widget_registered` and `widget_unregistered` actions that widgets could listen to to do this cleanup? Or there could be a new `unregister` method on `WP_Widget` that a subclass could have this logic inside of. (We wouldn't be able to use the PHP destructor since it would never be called since the reference to the class would be still captured among the registered hooks.) Likewise, instead of adding the hooks inside of the constructor, perhaps there should also be a `WP_Widget::register()` method that gets called inside of the faux-private `WP_Widget::_register()` (and `_register` should be `final`, no?)" westonruter
Unpatched Bugs 22116 bug in dynamic_sidebar function Widgets 3.4.2 normal normal Future Release defect (bug) new has-patch 2012-10-06T12:19:48Z 2015-12-11T07:32:10Z "In the dynamic_sidebar function is for displaying the right sidebar, by id, but in the code it is searched by name:
{{{
function dynamic_sidebar($index = 1) {
global $wp_registered_sidebars, $wp_registered_widgets;
if ( is_int($index) ) {
$index = ""sidebar-$index"";
} else {
$index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
if ( sanitize_title($value['name']) == $index ) {
$index = $key;
break;
}
}
}
}}}
must be changed to :
{{{
function dynamic_sidebar($index = 1) {
global $wp_registered_sidebars, $wp_registered_widgets;
if ( is_int($index) ) {
$index = ""sidebar-$index"";
} else {
$index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
if ( sanitize_title($value['id']) == $index ) {
$index = $key;
break;
}
}
}
}}}
" alexvorn2
Unpatched Bugs 42987 is_active_sidebar returns true on after plugin deactivation Widgets 2.8 normal normal Future Release defect (bug) new 2017-12-27T12:44:45Z 2018-01-26T21:12:12Z "Hi,
Steps to reproduce:
code:
{{{#!php
Sidebar is active, and it contains widget(s).
Sidebar doesn't contain any widget.
}}}
1. Add a widget plugin to the `custom-sidebar`
2. Disable the widget plugin
3. Reload the page
The page is still showing sidebar is active. and `wp_get_sidebars_widgets()` still contains the disabled plugin's widget info.
Is this something intended? Or is it a bug? " tpaksu
Unpatched Bugs 17078 is_active_sidebar() doesn't work with Numeric sidebar ID's Widgets 2.8 normal normal Future Release defect (bug) new 2011-04-07T10:06:54Z 2016-05-02T16:23:47Z "This needs a small fix:
Function is_active_sidebar( $index) converts $index to a string
then uses wp_get_sidebars_widgets() to see if the sidebar is active
..but keys in the array wp_get_sidebars_widgets() generates can be integers if the ID's of the registered sidebars are integers" lanceo
Unpatched Bugs 23423 sanitize_title() in dynamic_sidebar() restricts the use of specific characters for sidebar IDs chriscct7 Widgets 2.2 normal normal Future Release defect (bug) reopened needs-unit-tests 2013-02-08T13:25:00Z 2016-01-02T03:38:45Z "In the dynamic_sidebar() function in wp-includes/widgets.php uses sanitize_title() on the given index when it looks for a sidebar with a name that matches the index. After that it leaves the index value sanitized making it impossible to use characters not allowed by sanitize_title() in a sidebar ID.
By not overwriting the given index value with the sanitized version it would still be possible to use any character for the ID. To achieve this, lines 847-853
{{{
$index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
if ( sanitize_title($value['name']) == $index ) {
$index = $key;
break;
}
}
}}}
should be replaced with
{{{
$sanitized_index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
if ( sanitize_title($value['name']) == $sanitized_index ) {
$index = $key;
break;
}
}
}}}" paulvandermeijs
Unpatched Bugs 14876 wp_get_sidebars_widgets() assumes that widgets are enabled Widgets lowest minor Future Release defect (bug) reopened 2010-09-15T02:05:43Z 2015-12-03T19:09:36Z "When a theme does not have any sidebars defined, wp_get_sidebars_widgets() will return the database option anyway.
This reveals a bug where a theme that does not have any widgets may still get the recent comments CSS injected into it. is_active_widget() is returning true because that widget was active when the sidebar option was last used." nacin
Unpatched Enhancements 35574 Add REST API JSON schema information to WP_Widget Widgets 2.8 normal normal Future Release enhancement new needs-unit-tests 2016-01-22T12:24:06Z 2017-04-23T23:27:58Z "With the REST API, there is an emerging-established way in WordPress for describing a data structure, such as a widget instance.
One aspect of the REST API endpoint schema is the `default` values for given fields on a property. Widgets often have duplicated logic between the `WP_Widget::widget()`, `WP_Widget::update()`, and `WP_Widget::form()` methods for checking if a given `$instance` property has been set, and if not, supplying a default value. In some cases, these `isset` checks are ''not'' performed resulting in PHP notices if the methods are programmatically invoked with an empty array. With JSON Schema defined, we would provide `$instance` defaults upon which the current stored `$instance` can be merged.
Widgets in WordPress are assumed to be arrays, with the applied filters and function return values. With a schema defined, the data type of a widget instance would be guaranteed. Meta in the REST API is a challenge given that it may or may not contain serialized PHP. Widgets are stored in serialized PHP arrays in WP options (though it is possible to store them in posts, per #32474). Additionally, the instance arrays may also contain PHP objects for classes that cannot be cleanly serialized into JSON, and having a REST API JSON schema defined for a widget would guarantee that a widget instance can be represented in JSON. This would, in turn, allow widgets to be exposed as [https://github.com/WP-API/WP-API/issues/19 endpoints] in the REST API, and it would allow widget instances to be completely manipulated with JavaScript (such as in the Customizer, as described in #33507).
By adding schema information to `WP_Widget`, we get a lot more than having default `$instance` data available. For one, the widget form can be automatically generated based on the schema if one is not defined (i.e. if `noform` is returned from the `WP_Widget::form()` method). (This may actually be focus of the Fields API.)" westonruter
Unpatched Enhancements 28093 Add REST API endpoints for widgets and sidebars Widgets normal normal Future Release enhancement new 2014-05-01T15:30:55Z 2017-11-23T06:31:11Z "There is currently no proper client-side API for managing widgets and the sidebars they belong in (and any APIs in PHP are also lacking, per #16613). Any widget manipulation requires a lot of manual Ajax calls and reverse engineering of how the widgets admin UI manages widgets.
The implementation of normalized REST API endpoints could coincide with re-architecture of how widgets are stored by making use of a custom post type instead of storing widgets in options. See #35669.
The way that widgets and sidebars are represented needs to be formalized and normalized in REST API endpoints (ideally in conjunction with nav menus).
Potentially any endpoints for widgets could be abstracted away as “content blocks”, such as with #33473 (Shortcodes + Widgets + Nav Menus. Unified ""component"" API (aka Content Blocks))
See discussion at https://github.com/WP-API/WP-API/issues/19
(Originally this ticket also described a JS API in front of any Ajax/REST interface to facilitate the manipulation of widgets and sidebars, but the scope is now limited specifically to the REST API and any JS interface can be part of the WP-API Backbone JS Client.)" westonruter
Unpatched Enhancements 33507 Allow widget controls to be JS-driven westonruter* Widgets 3.9 normal normal Future Release enhancement accepted 2015-08-22T05:30:02Z 2017-03-14T18:00:13Z "Widgets currently have an almost complete reliance on PHP for all aspects of their behavior:
* Generating the control form via `WP_Widget::form()`
* Validating the instance data via `WP_Widget::update()`
* Rendering the widget into the template via `WP_Widget::widget()`
The dependence on PHP can make managing widgets in WordPress relatively slow. In the Customizer, it can be excruciatingly slow since the widget form control is presented alongside the widget in the preview, and so the slow roundtrip time for sanitization and rendering is clear (especially with full-page refreshes of the Customizer, which is to be mitigated in #27355 via partial refreshes).
In the Customizer, making a change to a widget form field results in an `update-widget` Ajax call to pass the full form data to WordPress to pass it through the widget’s `update` callback for sanitization. The Ajax handler then passes this updated instance through the `form` callback, and the HTML output of the `form` callback then gets sent back in the Ajax response. (Look at the number of Ajax requests triggered when typing into a widget field.) The Customizer widget logic then tries to apply the sanitized instance data by aligning the input fields in the widget form shown in the Customizer with the input fields sent in the Ajax response. When the input fields are aligned (when the same inputs are present), then the inputs’ values will be updated to their sanitized values and a `widget-synced` jQuery event is triggered. But if the inputs cannot be aligned (which can happen easily if any of the fields are created dynamically), then it falls back to showing an Update button which will do a full replacement of the widget form, just as is done on the widgets admin page (and a `widget-updated` jQuery event is triggered). Then finally, once the widget instance is updated, then the Customizer preview can do its full page refresh with the widget instance previewed in the template.
Most of the above logic can be eliminated entirely if widget controls handled rendering of the controls and sanitization of the instance data purely with JavaScript, just like every other Customizer control normally behaves.
Widgets would hugely benefit from a revamp following patterns laid down in Customizer controls. Customizer controls were designed to be JS-driven from the start. A Customizer control gets associated with a Customizer setting, the control then applies the setting data onto the control’s template and the inputs are automatically synced back to the setting—this is accomplished via two-way data bindings provided by `wp.customize.Element`. So controls in the Customizer handle UI validation purely with JavaScript. There is no need for an Ajax request because the logic is in the client. (True this means that the sanitization logic has to be duplicated in PHP and JS, but this can be minimized by adopting a common schema for the input types.)
Naturally these new JS-driven widgets would need to be backwards compatible with existing widgets. We can allow a widget to opt-in to indicate it is JS-driven by supplying a new flag to the seldom-used `$control_options` param to `WP_Widget::__construct()` (which is used to pass the infamous width/height for wide widget form controls), for example:
When this is present, the Customizer would disable the existing update mechanism and defer to the control’s own logic.
Note that these new JS-driven widget controls in the Customizer would be implemented in a very similar way to how nav menu item controls have been implemented in the Customizer in 4.3. The overall widget control would be associated with a single widget instance setting. The widget’s setting would be just the JSON-serializable instance array (object) as opposed to a scalar value, and each property in the setting value would then get mapped to a different `wp.customize.Element` in the widget control: the inputs’ values would then get synced back into property of the setting object value by means of `wp.customize.Element` instances.
Some widget controls would still depend on the server for UI validation, for instance the RSS widget. However, only specific fields would need to be validated as opposed to the entire form. Note again that full server-side validation of the widget instance data would still be required. Ideally the duplication of logic here could be reduced by having a schema that both the JS and PHP validation logic could read from.
While the above focuses specifically on making the `WP_Widget::form()` and `WP_Widget::update()` both JS-driven, there may also be an opportunity to allow widgets to opt-in to JS-driven rendering of a given widget (i.e. implementing `WP_Widget::widget()`, in JS). This would make a lot of sense if the widget defined its template in Mustache (or Twig) and then allowed the instance array to be applied to that template either server-side or client-side. The effect for client-side would be postMessage instant previews of changes to widgets in the Customizer. The PHP-driven performant alternative to this would be partial-refresh as outlined in #27355.
By using JS-driven widgets, we will be able to use control templates for the widget controls as opposed to having to include a separate copy of the widget form with each control's params. This can drastically reduce the page weight, since the control template only needs to be included once.
By implementing JS-driven widget controls, the user experience of managing widgets would be vastly improved and the server load would be greatly reduced.
Depends on #35574 (Add REST API JSON schema information to WP_Widget)
See feature plugin: https://github.com/xwp/wp-js-widgets" westonruter
Unpatched Enhancements 26112 Available widgets drag-and-drop causes trouble on touch devices Widgets normal normal Future Release enhancement new 2013-11-19T15:57:32Z 2015-08-11T21:45:28Z "Now that we have click-to-add for available widgets, I think it makes sense to disable the drag-and-drop for available widgets on touch devices. The interaction tends to cause troubles on touch devices when you intend to scroll through the list of widgets, and instead initiate the draggable.
Since active and inactive widgets don't have any alternative for reordering, we can keep the draggable interaction there on touch devices — but maybe we should think of a new way of reordering these widgets without requiring drag-and-drop." shaunandrews
Unpatched Enhancements 39908 Make the page and category widget exclusions use a drop down not ID Widgets normal normal Future Release enhancement new 2017-02-17T19:14:40Z 2017-09-20T08:33:06Z "Currently excluding in this widget involves you getting and ID and then adding it. This could be made more user friendly by using a drop down.
[[Image(https://cldup.com/YVbvUK5pLK.png, 50%)]]" karmatosed
Unpatched Enhancements 30556 Modern widgets default wrapper Widgets 2.2 normal normal Future Release enhancement reopened 2014-11-30T19:14:31Z 2016-11-21T17:56:51Z "Since 2.2.0, widgets are wrapped in `

` by default.
In my opinion, they should be wrapped in `

` even if, during the sidebar registration, theme developers should declare how to wrap the widgets in the sidebar.
Twentyten theme is the only default theme using this structure and it's declared in functions.php.
The patch contains this change.
" LeoPeo
Unpatched Enhancements 42913 Scroll widgets and widget containers independently in admin ui Widgets trunk normal normal Future Release enhancement new 2017-12-15T18:31:30Z 2018-05-03T19:50:32Z "A ""regular"" WordPress installation with a few plugins providing widgets can easily result in a situation where the height of the ""available widgets"" div on the left can be significantly larger than the height of the ""available widget containers"" div on the right, as a result of which one may need to scroll down significantly to reach the desired widget, then scroll back up _while dragging_ to place the widget in the desired container.
If the div on the right were to be configured with {{height: 1vh; overflow-y: scroll}} and then turned into fixed (?) position div, it would remain on-screen while the user scrolled through the list of available widgets, such that installing a new widget would only require scrolling to find the widget in question, and at no point would it be necessary to drag and scroll simultaneously (which, while frustrating, is easy enough on a desktop... but with a touchpad it becomes quite the challenge).
On further reflection, it might actually be easier and less hacky to assign both the left and right divs a height of 1vh (and perhaps throw in a {{min-height}}) and {{overflow-y: scroll}}, then there's no need for anything but the default positioning. Both containers would scroll independently, and no need to drag and scroll.
Attaching a video of the current experience." ComputerGuru
Unpatched Enhancements 43045 Trigger events equivalent to editor:image-edit and editor:image-update in media-image-widget.js Widgets normal normal Future Release enhancement new 2018-01-08T20:51:24Z 2018-02-23T22:37:00Z "The `wpeditimage` TinyMCE plugin has helpful `editor:image-edit` and `editor:image-update` events for hooking additional metadata onto the Image object. Here's an example:
{{{
wp.media.events.on('editor:image-edit',function(event){
event.metadata.pinterest_text = event.editor.$(event.image).attr('data-pin-description');
});
wp.media.events.on('editor:image-update',function(event){
event.editor.$(event.image).attr('data-pin-description', event.metadata.pinterest_text);
});
}}}
Although the new Image Widget reuses the `image-details` frame, it doesn't fire these equivalent events, making integration difficult. It would be helpful if the `ImageWidgetControl` implemented equivalent events." danielbachhuber
Unpatched Enhancements 29155 Widgets: is_active_widget returns true even when the widget is not displayed on specific page Widgets 2.3 normal normal Future Release enhancement new 2014-08-08T17:51:22Z 2015-09-20T19:54:39Z "Steps to reproduce:
1. Activate Twenty Eleven
2. In Appearance > Widgets, add a widget to the Showcase widget area (only displayed on pages using the Showcase Page Template)
3. Load your home page. {{{is_active_widget}}} will return true for that widget, even if it is not displayed on the home page.
It seems like it would be nice if {{{is_active_widget}}} only returned true when the widget was actually displayed on the page. I'm not sure how to do that, though." jeherve
Unpatched Enhancements 42849 Custom HTML Widget: Allow user to be able to bypass lint errors to save Widgets 4.9 normal normal Future Release feature request new 2017-12-09T00:41:41Z 2018-03-14T21:11:53Z "In the custom HTML widget I have some div ids that are the same, and for some reason I can't save the edited widget after updating to 4.9. I would like an ignore button to be able to save the content inside a widget, especially the custom HTML widget. I don't want WordPress' brand new HTML checker feature to override code that is working completely fine.
Would it be possible to do that, or make it so that you can at least checkmark something to be able to save the widget.
The error it is bugging me about is this:
{{{

}}}
Because I have two or more widgets using the same formatting it actually wants me to change them, and in that case break the formatting just to please itself. I have made websites for over 20 years, I don't need a WordPress feature «for dummies» to tell me how to write my HTML code.
" skoen
Unpatched Enhancements 33473 "Shortcodes + Widgets + Nav Menus. Unified ""component"" API (aka Content Blocks)" Widgets normal normal Future Release feature request new 2015-08-20T21:53:57Z 2018-03-26T16:53:02Z "Looking ahead and seeing that Shortcake is getting a lot of support, I've noticed that shortcodes and widgets are beginning to look fundamentally the same. They are both view components that express some sort of input fields for dynamic ""instance"" data. So I'm wondering what the general feeling would be toward a unified ""Component"" API.
Lets say you're a designer implementing a theme and you have a stylized block for displaying an author. At times you might want to express that in a sidebar, and other times you might want to use it inline in page content. The HTML output is fundamentally the same, and differences only deal with where the input data is coming from (shortcode attrs vs. widget data) and minor presentational differences based on context. This could be very simply expressed as a single class or function pattern that does the work of registering the shortcode and widget under the hood for you. A client or someone downloading a theme often won't know that they want a component to work inside a sidebar or inside the content until they realize it isn't available.
The benefit of a unified API is that you double the usable components you have to work with. There are great developers making widget bundles and other great developers making shortcodes, but not many doing both. All this to say, it's actually pretty straightforward to implement a class version of this API that handles registering both types of object for you. I have a working version of this in a plugin already. I'm just curious if anyone else thinks this is a problem worth pursuing. Thoughts?
Aside: You could make a case that template parts aren't all that different from shortcodes and widgets and might also benefit from input fields (customizer anyone?), at which point you'd have a component that could truly go anywhere." brentjett@…
Slated for Next Release 42852 Add new user: new password not generated when reopening Show Password Users 4.7 normal normal 5.0 defect (bug) new has-patch 2017-12-09T12:17:17Z 2017-12-11T16:43:01Z "Noticed while working on #42749: After [38494], see also [34312], [33766], [33079], and [32589], in the ""Add new user"" screen a new password is not displayed when clicking ""Show Password"", then ""Cancel"", then ""Show Password"" again.
In WordPress 4.6:
- go in the ""Add new user"" screen (user-new.php)
- click ""Show Password""
- observe the generated password
- click ""Cancel"": the form closes
- click ""Show Password"" again
- observe there's a new generated password displayed
This matched the behavior in the ""Your profile"" screen (profile.php.)
Repeat the above steps in WordPress 4.7 or more recent version:
- go in the ""Add new user"" screen (user-new.php)
- click ""Show Password""
- observe the generated password
- click ""Cancel"": the form closes
- click ""Show Password"" again
- the password field is empty
At this point, there's no way to generate a new password other than reloading the page. Additionally:
- a real password is actually generated but is not displayed in its ""non-masked"" form
- the password field looks empty but the strength indicator says ""Strong""
- clicking ""Hide"" shows the real password field filled with dots: confusing for users, since the other field is empty
Following the argumentations on the related tickets #33419 and #37902, the implemented changes make sense. However, there's an unintended consequence: the real password field `$pass1` is filled up while its visual representation `$pass1Text` is empty.
" afercia
Slated for Next Release 43496 CS: Fix disabled for user-edit.php Users 4.1 normal normal 5.0 defect (bug) new has-patch 2018-03-08T06:42:24Z 2018-03-15T17:02:53Z "Many apologies if this is a duplicate. I have searched but did not find it yet posted.
According to W3C specifications and as per HTML Coding Standards( https://make.wordpress.org/core/handbook/best-practices/coding-standards/html/#quotes ) handbook all attributes must have a value, and must use double or single-quotes." mukesh27
Slated for Next Release 43405 CS: Fix violations for wp-signup.php Users trunk normal normal 5.0 defect (bug) new has-patch 2018-02-24T14:42:41Z 2018-02-25T11:35:13Z Address code standard violations in `wp-signup.php`. GaryJ
Slated for Next Release 42853 Change password UI: Cancel button invisible on small screens Users normal normal 5.0 defect (bug) new has-patch 2017-12-09T15:03:13Z 2018-01-22T06:48:36Z "After [33206] the Cancel button is invisible on small screens:
[[Image(https://cldup.com/fsZgBY-m9z.png)]]
While on the login screen there shouldn't be a Cancel button, on the other admin screens (edit user, add new user, profile) the Cancel button is actually still there: only its text content is hidden and the button is still focusable and can be activated:
[[Image(https://cldup.com/bfB8X67Fej.png)]]
This is an accessibility and usability issue, since an operable control is not visible in the UI. Worth noting the button `aria-label` is always ""Cancel password change"" also in the new user screen, where actually nothing is being changed: it's a new user creation process where the password gets ""created"" and not ""changed"".
There's also a functional issue: the Cancel button doesn't just ""cancel"" the current operation. It also generates a new password when clicked, so when reopening the form a new password is ready. Or, at least, it should: see #42852.
Therefore, on small screens there's no way to generate a new password after clicking ""Generate password"" or ""Show password"".
As I see it, there are a couple options:
- if it's OK to remove the ability to generate a new password on small screens, then the whole button should be hidden, not just its text. At this point the `aria-label` would be pointless and should be removed.
- otherwise, to keep the ability to generate a new password on small screens, the whole responsive UI should be reviewed in order to always display both the show/hide and the cancel buttons." afercia
Slated for Next Release 42315 User with no role on a site on a multisite network sees inaccessible links johnbillion* Users normal normal 5.0 defect (bug) accepted 2017-10-23T18:33:39Z 2017-10-23T18:50:57Z "This is a follow-up to #41453 which was partially fixed in 4.9.
A user who is a member of a site on a multisite network but has no role on the site will encounter the following problems:
* An immediate ""Sorry, you are not allowed to access this page"" error upon logging in.
* An admin toolbar link to their profile, which they cannot edit.
* An admin toolbar link to `My Sites`, which they cannot access." johnbillion
Slated for Next Release 42749 Accessibility enhancements for change password field afercia Users 4.9 normal normal 5.0 enhancement assigned has-patch 2017-11-29T19:15:01Z 2017-12-11T16:43:34Z "Attaching accessibility enhancements to the users.js file which includes support for the change password box. The button is now never hidden and will offer a more accessible experience.
- Announce when form is open or closed.
- Focus in form after open.
Hope it's useful." alexstine
Slated for Next Release 43679 Add $this to found_users_query filter Users 3.2 normal normal 5.0 enhancement new has-patch 2018-04-02T22:07:59Z 2018-04-04T16:07:33Z Add more context to the `found_users_query` filter, by adding this to the filter. spacedmonkey
Slated for Next Release 42132 Add filter to emails sent by wp-admin/user-new.php johnbillion Users normal normal 5.0 enhancement reviewing has-patch 2017-10-07T14:24:06Z 2018-05-22T19:27:42Z "`wp-admin/user-new.php` contains a call to `wp_mail()` which sends an email when an existing user is invited to a site from the `Users -> Add New -> Add Existing User` screen within a site on Multisite. ([https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-admin/user-new.php?marks=92-100#L91 Ref]).
The contents of the email cannot be filtered. The subject, message, and headers should be passed through a filter in the same format as the `password_change_email ` filter. ([https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/user.php?marks=1842-1864#L1818 Ref])." johnbillion
Slated for Next Release 43680 Add new filter to WP_User_Query Users 3.1 normal normal 5.0 enhancement new has-patch 2018-04-02T22:19:50Z 2018-04-04T16:12:39Z Add a new filter to filter the value of results returned from the WP_User_Query. This brings the WP_User_Query class inline with other query classes, like WP_Query, which already has `posts_results` filter. This filter is a powerful one, that will allow for third party code, to hook in and change the results of the query. spacedmonkey
Slated for Next Release 43693 Add pre filter in count user function Users 3.0 normal normal 5.0 enhancement new has-patch 2018-04-04T20:59:43Z 2018-04-04T21:51:41Z Add filter to the count user function, so the count can changed or filtered. spacedmonkey
Slated for Next Release 34281 Allow admins to send users a 'Reset Password' link adamsilverstein Users 4.4 normal normal 5.0 enhancement assigned dev-feedback 2015-10-13T02:15:01Z 2018-01-15T20:52:45Z "Following #24633 and #34180
As Pippin said:
> it'd be really nice for admins to be able to manually generate a new password for user accounts and then automatically send that new password via email.
As an extension of that, should we be able to easily send users a link to reset their passwords? It would greatly improve supporting communities. Instead of explaining ""Go to domain.com/wp-admin/ and click on lost password and put in your info..."" you can just press a button and send a link. Done.
I was able to make it a plugin but I'm epically failing at getting the ajax/js stuff to work right as a core patch :(
Screenshot: https://cloudup.com/cWNmv6T0SXI
Code: https://cloudup.com/c2SpsmqXb14
This doesn't actually change the password or even force it. If you, as an admin, change the password of a user, they get an email anyway. This uses just emails them the reset link. " Ipstenu
Slated for Next Release 38741 Introduce the concept of a large site in order to speed up the Users screen when there are many users johnbillion* Users normal normal 5.0 enhancement accepted early 2016-11-09T23:13:24Z 2018-05-22T16:04:13Z "Given a single site install with a high number of users, the Users screen can become very slow due to the nasty query performed by `count_users()`. The result of this query is used to populate the count of users with each role in the role filtering links across the top.
{{{
SELECT
COUNT(NULLIF(`meta_value` LIKE '%\""administrator\""%', false)),
COUNT(NULLIF(`meta_value` LIKE '%\""editor\""%', false)),
COUNT(NULLIF(`meta_value` LIKE '%\""author\""%', false)),
COUNT(NULLIF(`meta_value` LIKE '%\""contributor\""%', false)),
COUNT(NULLIF(`meta_value` LIKE '%\""subscriber\""%', false)),
COUNT(NULLIF(`meta_value` = 'a:0:{}', false)), COUNT(*)
FROM
wp_usermeta
WHERE
meta_key = 'wp_capabilities'
}}}
On a site with tens of thousands of users, this SQL query can easily take tens of seconds.
Multisite has the concept of a large network (by default, one with > 10,000 users or > 10,000 sites), but single site doesn't have this concept.
The query performed by `count_users()` can be skipped entirely. If it is skipped, the list of roles will simply display all available roles and won't display a count next to each role. I think this is a completely acceptable trade-off for such a performance gain on sites with a high number of users." johnbillion
Tickets Awaiting Review 27606 """Add Existing User"" form does not preserve input in case of an error" Users low minor Awaiting Review defect (bug) new has-patch 2014-03-31T10:43:42Z 2017-07-13T19:24:07Z "Background: #27006
In single site, ""Add New User"" form preserves entered values in case of an error.
In Multisite, ""Add New User"" form preserves the values, but ""Add Existing User"" does not.
In network admin, ""Add New User"" form does not preserve the values." SergeyBiryukov
Tickets Awaiting Review 31946 /wp-admin/user-edit.php fails when using with IDN domain name Users 4.1.1 normal normal Awaiting Review defect (bug) new 2015-04-10T19:35:38Z 2015-04-10T19:35:38Z "'''Steps to reproduce the problem:''' in a IDN-based domain site, logon to the admin area, go to Users in the main menu and click on edit any user.
'''Domain is:''' gudñus.com.ar
'''The exact URL is:''' http://gudñus.com.ar/wp-admin/user-edit.php?user_id=3&wp_http_referer=%2Fwp-admin%2Fusers.php
If I reload the page without the wp_http_referer part of the querystring, it works.
Other 4.1.1 WP installations I have work properly, the site with IDN domain is the only with problems.
The bug results in a page showing next text:
'''''Forbidden'''''
''You don't have permission to access /wp-admin/user-edit.php on this server.''
''Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.''
'''Please notice again''', that if I take out the wp_http_referer part the page works, no ""Forbidden"" page is shown.
'''Extra:''' Had similar problem (more severe, couldn't even login to /wp-admin) when installing wordpress in a folder with latin chars (like domain.com/gudñus/) but couldn't check in depth for that issue." aesede
Tickets Awaiting Review 41439 A super admin cannot remove themselves from a site Users 3.0 normal normal Awaiting Review defect (bug) new 2017-07-25T17:52:24Z 2017-09-20T12:58:56Z A super admin cannot remove themselves from a site, either from the `Users` listing screen in the site's dashboard or from the `Users` tab when editing the site. There's no reason to prevent this from being possible. johnbillion
Tickets Awaiting Review 40613 Add query cache to WP_User_Query class Users 3.1 normal normal Awaiting Review defect (bug) new has-patch 2017-04-30T18:36:40Z 2018-04-25T20:37:56Z "When calling `get_users()` the query itself is not cached. If multiple calls to `get_users()` with the same `$args` array occur, each will result in a database hit.
Note that each individual user object is cached, and that query caches will need to be invalidated when users are added/removed/edited.
Theoretically, on busy sites with many users who are constantly changing passwords and things, caching user queries may not yield a significant performance improvement. For the majority of installations (where users are not shifted around nearly as much) this could result in several additional cache hits per page load (especially with persistent caches in place.)
Functions like `wp_dropdown_users()` are called multiple times when viewing the Posts list-table, and many plugins also call `get_users()` knowing that user objects are cached (but not noticing the additional database hits for each call itself.)
Membership plugins like BuddyPress would have inherent benefits, and bbPress could operate more efficiently when querying for the intersection of many topics with many users who are engaged in them.
Patch imminent." johnjamesjacoby
Tickets Awaiting Review 16788 Ampersands in e-mail address become invalid Users 3.0.5 normal normal Awaiting Review defect (bug) new dev-feedback 2011-03-07T20:01:38Z 2015-10-31T15:28:53Z "When an e-mail address contains an ampersand, WordPress improperly escapes the ampersand invalidating the e-mail address.
Example: h&f@domain.com becomes h&amp@domain.com
First of all, the proper HTML entity for ""&"" is '''&'''. Where did the extra '''amp''' come from?
Also, an ampersand is a valid character in an e-mail address and should not be escaped. Escaping it could be a completely different e-mail address.
I have not dug into the code to find out where this is happening but I'd assume in '''sanitize_email()'''." jfarthing84
Tickets Awaiting Review 33759 An admin changing an email/password should not generate a notification Users 4.3 normal normal Awaiting Review defect (bug) new 2015-09-07T05:01:06Z 2015-10-31T04:20:55Z "Branched off from #33504 as requested.
In 4.3, email notifications are now sent to a user whenever their email or password is changed. The reasoning behind the was solely from a security perspective:
''so if someone hijacks your browser session and changes these items, you’ll be notified that it happened, and you can take action.''
If the person changing the email/password is an admin, this notification does not provide any security benefits or useful information - all is done is mislead/confuse the user.
It does not provide security benefits because an admin has full control of the site and rights to do whatever they want - they could delete every user account on the site and create their own if they wanted to.
It is misleading/confusing because the notification implies this should only be happening if they changed the information themselves: ''If you did not change your password, please contact the Site Administrator''.
A common use-case where an admin is changing the password of a user occurs after a WordPress import - you are prompted to change all imported users' passwords. Other than editing site code to add filters, you can no longer do so without everyone getting an email they won't understand - even if you are setting their passwords to same as their originals.
For these reasons, I suggest altering the code to not send these notifications if the change of email/password was instigated by someone with admin rights." smerriman
Tickets Awaiting Review 29505 Both update_user_option and update_user_meta returning false Users 4.0 normal normal Awaiting Review defect (bug) new 2014-09-04T09:10:58Z 2015-12-03T18:30:05Z "
{{{
if(update_user_meta( $user->ID, 'wp-lock-bg', serialize($bgs))){
echo ""true"";
}
else{
echo ""False"";
}
}}}
{{{
if(update_user_option( $user->ID, 'wp-lock-bg', serialize($bgs))){
echo ""true"";
}
else{
echo ""False"";
}
}}}
Both code snippet returning false. I am getting correct user id, and option value. I have tested wp4.0 rc1 . Tested and working fine with 3.9.2" miqdadk
Tickets Awaiting Review 31772 Browser unresponsive with long password Users 3.7 normal normal Awaiting Review defect (bug) new needs-unit-tests 2015-03-26T00:47:25Z 2015-05-07T10:11:48Z "== Steps to reproduce
1. Login
1. Navigate to profile
1. Click in the text input for ""New Password""
1. Paste in a long password
* E.g. 600 characters:
{{{
123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
}}}
1. Press the ""tab"" key
- **Expected behaviour**:
- The cursor moves to the ""Repeat New Password"" field.
- ""Strength indicator"" changes to ""Strong"" or ""Weak"" (probably should be ""weak"").
- **Actual behaviour**:
- The cursor does not move.
- The cursor stops blinking.
- ""Strength indicator"" does not change.
- The browser is not responsive.
- After several seconds or a minute, the cursor eventually starts blinking, moves to the ""Repeat New Password"" field and the strength indicator changes to ""Strong"" (probably should be ""weak"").
1. Press the ""shift+tab"" keys
- **Expected behaviour**: The focus moves to the ""New Password"" field and its content is selected.
- **Actual behaviour**:
- The cursor does not move.
- The cursor stops blinking.
- The browser is not responsive.
- After several seconds or a minute, the focus eventually moves to the ""New Password"" field and the content is selected.
1. Press the delete/backspace key
- As expected, the password is deleted and the browser is immediately responsive.
My testing was as an administrator using Chrome on Mac OS X. I think this issue applies to any role and any browser on any OS. I expect the delay is longer with slower hardware.
== Solutions ==
Certainly the strength checker need not run on `focus` events. It should only be necessary on `change`.
It could also run after a short timeout (~500 ms) if no other `change` event has occured, so that it only runs when the user stops typing.
An elaborate solution might be to make the password strength checking code more efficient. Or only run it on the first N characters.
Or alternatively, seek a third party library that checks password strengths more performantly.
A simple solution could be to set the `maxlength=""""` attribute on password ``s. Rough testing on Chrome on an 18-month old MacBook Air suggests The limit would probably need to be less than about 64-256 in order to keep the browser responsive (without modifying the unperformant code).
The disadvantage of this approach is that long passwords can not be input by the keyboard, or will be truncated if pasted in. This might be an issue for users that use password managing software like OnePassword. We would need to investigate how long the passwords generated by such software is.
For reference and comparison;
- The server-side limit is currently 4096: https://github.com/WordPress/WordPress/blob/master/wp-includes/class-phpass.php#L217
- If a password is set that is longer than 4096 characters, WP silently fails to save the password." BevanR
Tickets Awaiting Review 35017 Bug in bindPasswordForm() LastPass mismatch issue Users 4.4 normal normal Awaiting Review defect (bug) new 2015-12-11T16:24:12Z 2016-03-17T08:05:12Z "Hello,
Using Wordpress 4.4
I seem to have found a small bug in the file wp-admin/js/user-profile.js (user-profile.min.js).
The theme that I am customizing has a front end profile editor. When the user navigates to the editor and attempts to update their password, if typing in the first password text box updates the second with only the first character of the string entered. This bit of javascript is meant to handle LastPass input, but breaks regular text entry. It seems that the javascript that is bound to the first text box is bound on input, when it should be bound on a paste event perhaps? I have included a jsfiddle to demonstrate the issue. http://jsfiddle.net/nge42ryb/10/
My apologies if this is not sufficient information to diagnose. Please feel free to ask for any additional information that might be helpful.
" amandala
Tickets Awaiting Review 38042 Cannot sort users by name Users 4.6 normal normal Awaiting Review defect (bug) new 2016-09-13T15:44:56Z 2016-09-13T15:47:35Z "Hello,
Since v4.6, we can no longer sort users by name via /wp-admin/users
They can still be sorted by appending the query string '?orderby=name&order=desc' so I'm assuming this wasn't an intentional removal?
Thanks,
Chris" chriswright
Tickets Awaiting Review 40060 Define ADMIN_COOKIE_PATH cause unreachable /wp-login.php Users 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-07T13:11:56Z 2017-03-07T14:44:52Z "If user is logged in and tries to open /wp-login.php page, he never couldn't do this if ADMIN_COOKIE_PATH is set to root '/' (is equal to COOKIEPATH). Instead, the redirect to /wp-admin/ will occur. Even more, many of function during page load will run twice.
In a long route of functions, the last one is wp_parse_auth_cookie(), which return false to many functions called from, which cause ""true"" check in wp-login.php on line 814, where unneeded redirect happens.
{{{#!php
All Users > ""Search Users"" (in top-right corner)).
The SQL that is generated looks something like this:
{{{
SELECT SQL_CALC_FOUND_ROWS wp_users.ID
FROM wp_users
INNER JOIN wp_usermeta
ON ( wp_users.ID = wp_usermeta.user_id )
WHERE (
1=1 AND
(
user_login LIKE '%Search Term%' OR
user_url LIKE '%Search Term%' OR
user_email LIKE '%Search Term%' OR
user_nicename LIKE '%Search Term%' OR
display_name LIKE '%Search Term%'
)
)
ORDER BY user_login ASC LIMIT 0, 20;
}}}
However, such a query is not guaranteed to return unique user IDs. It just so ""happens"" to work right now. The more correct query adds the DISTINCT keyword:
{{{
SELECT SQL_CALC_FOUND_ROWS DISTINCT wp_users.ID
...
}}}
Modifying the query in certain situations results in duplicate user IDs being returned. One example, of many such modifications that could be made, can be seen in the Better User Search plugin on line https://github.com/wp-plugins/better-user-search/blob/master/better-user-search.php#L200.
As is, this is currently breaking pagination and sometimes displaying redundant users as you flip through the pages. (See attached screenshot. My pagination is set to 20, and I have 100 matching users on my system).
[[Image()]]" navepilif
Tickets Awaiting Review 38037 Maximum User ID Issue Users 4.6.1 normal normal Awaiting Review defect (bug) new 2016-09-13T10:46:57Z 2016-09-13T11:07:38Z "Hi,
We found that if you set the AUTO_INCREMENT value to 18446744073709551614 (which is 1 less than the maximum value of BIGINT), it creates a blank user in the admin user table. upon checking the mySQL database details, we found that the ID (_users) is 18446744073709551614 and the user_id (_usermeta) is 9223372036854775807. the reason for the test is, we have created a plugin that allows an admin to change the user ID of any user, so we where testing the maximum upper limits of. The only way to delete this user is manually, the delete option fails.
it would seem the ID (_users) supports 0 to 18446744073709551615
and
it would seem the user_id (_usermeta) supports -9223372036854775808 to 9223372036854775807
this can be checked in https://dev.mysql.com/doc/refman/5.5/en/integer-types.html
thanks" akaracing
Tickets Awaiting Review 17793 No explanation on invalid characters on registration form chriscct7 Users 2.1 normal normal Awaiting Review defect (bug) reviewing has-patch 2011-06-14T08:46:22Z 2015-12-06T23:20:56Z "When a user tries to register with a username containing special characters (e.g. accented letters), WP shows an error message saying ""This username is invalid because it uses illegal characters. Please enter a valid username."".
However, this doesn't really help the user because the message does not explain how to fix the problem, i.e. which characters are allowed.
Please consider adding a brief listing of allowed characters." molnarm
Tickets Awaiting Review 20854 PHP warning caused by missing 'spam' and 'deleted' fields in a custom user table Nikolaos Raftopoulos Users 3.3.2 normal normal Awaiting Review defect (bug) reopened has-patch 2012-06-06T12:45:29Z 2015-10-31T15:38:58Z "In my network dashboard I get the following error message :
Warning: number_format() expects parameter 1 to be double, string given in /home/tklighth/public_html/wp-includes/functions.php on line 155" leondari
Tickets Awaiting Review 40835 Password and email change emails should not contain site-specific wording on multisite Users normal normal Awaiting Review defect (bug) new dev-feedback 2017-05-22T12:20:14Z 2017-05-22T12:20:14Z "With multisite enabled, the following three actions (there may be more) result in an email being sent to the user which contains wording specific to the site that the user happens to be on when they perform the action:
* Attempt to change their email address.
* Confirmed change of email address.
* Changed password.
As an example, here's the text from the ""Notice of Password Change"" email:
{{{
Hi john,
This notice confirms that your password was changed on Site B.
If you did not change your password, please contact the Site Administrator at
siteb@example.com
This email has been sent to john@example.com
Regards,
All at Site B
http://mtrunk.wp/siteb
}}}
This is misleading because it's not immediately clear whether my password was changed on all the sites on the network, or whether the change was specific to ""Site B"".
In addition, the email address shown is the email address of the site administrator, not the network administrator. The site administrator does not necessarily have the ability to manage users.
There may be similar considerations to those raised in #21352 regarding a user's awareness of the site being part of a network of sites." johnbillion
Tickets Awaiting Review 40477 REST API: Does NOT Trigger New User Notifications! Users 4.7 normal normal Awaiting Review defect (bug) new needs-unit-tests 2017-04-19T07:35:19Z 2017-12-04T05:11:43Z "If you create new users with WP REST API. The notification for new WordPress users via email does NOT get triggered. I tried it on a fresh install. Used the [Email log](https://wordpress.org/plugins/email-log/) WP plugin to test that no emails were sent.
" mrahmadawais
Tickets Awaiting Review 35450 Relocate user's primary_blog setting to user profile Users 3.0 normal normal Awaiting Review defect (bug) new 2016-01-13T21:59:02Z 2016-09-12T11:32:17Z "In multisite installations, the `primary_blog` user setting is an anomaly:
* It's located in `my-sites.php` vs. `user-edit.php` or `profile.php`.
* It's both presented and conditionally saved in `choose_primary_blog()` vs. in `wp_insert_user()` along with the rest of a user's data & meta
* It uses the `_user_option()` functions with the `$global` flag set to true, instead of `_user_meta()` functions. At a glance, the code makes this look like `primary_blog` might be a per-site setting, which wouldn't make any sense.
I'd like to suggest we do a few things to improve this setting:
* Move this setting into the user profile, and remove it from `my-sites.php`
* Move the saving of the `primary_blog` user meta key into `wp_insert_user()` so it can added to a user a object
* Introduce a new function, similar to `choose_primary_blog()`, for displaying this field in the user profile
* Switch to using the `user_meta()` functions, away from `user_option()`" johnjamesjacoby
Tickets Awaiting Review 28369 Replace @ with a hyphen in user_nicename Users low minor Awaiting Review defect (bug) new 2014-05-26T18:50:08Z 2015-03-03T19:15:58Z "If you register with `john.smith@gmail.com` as a username, your `user_nicename` (displayed in author archive URL) will be `john-smithgmail-com`.
`sanitize_user()` should probably replace `@` with a hyphen, not remove it completely." SergeyBiryukov
Tickets Awaiting Review 17370 Screen options and meta box settings can lose per-blog meta box positions Users 3.1 normal normal Awaiting Review defect (bug) new 2011-05-10T21:13:37Z 2015-12-03T17:56:30Z "User preferences for admin interface appearance of the Dashboard and the Edit/Add New pages are stored in per-user options in wp_usermeta: closedpostboxes_$page, metaboxhidden_$page, meta-box-order_$page, and screen_layout_$page, where $page is one of 'post', 'page', or 'dashboard'. Users can customize the order of the Dashboard and editing meta boxes to better suit their workflow using the drag-and-drop AJAX interface to move the meta boxes into ordered columns and the Screen Options tab to show and hide the boxes. Many plugins add custom meta boxes to the Edit/Add New Post page.
In a multisite installation, with different plugins active on different blogs, users who rearrange an Add New Post page on a blog with a custom meta box and then rearrange it on a different blog without that meta box will lose the position of the custom meta box. Blogs can have different features and workflows implemented, and having per user options for the appearance instead of per user, per blog options limits the ability of a user to customize the interface.
The expected behavior for moving things around is that it changes on one blog, not on all blogs." jmdodd
Tickets Awaiting Review 43936 Settings: Warn when open registration and new user default is privileged Users normal normal Awaiting Review defect (bug) new has-patch 2018-05-02T18:21:52Z 2018-05-07T09:46:13Z "Much like our Strong Passwords work, we can help inform site administrators when their actions may be sub-optimal.
WordPress allows a site owner to open registration AND set the default new user level to ""Administrator"". While this combination may make sense for some sites (on an intranet?), this is typically a really really bad idea.
We should provide some type of confirmation to ensure site administrators are intending to open their site up.
If registration is open and default level is Subscriber (`read` cap only), the current behavior is fine. If registration is open and other capabilities are included in the default role, we should have some type of checkbox or ""are you sure"" notice. ""By allowing open registration and a default role of {role}, anyone who can visit the site would have the ability to {have full control of your site|publish content|etc}.""
We saw this in the wild on a site in support today :)." kraftbj
Tickets Awaiting Review 43131 Unable to add new users Users 4.9.2 normal normal Awaiting Review defect (bug) new 2018-01-19T14:53:08Z 2018-01-19T16:34:59Z "[[Image(Users list)]]For some reason, every time I attempt to add a user [[Image(New user)]], it removes all the users alphabetically below and inclusive of the new entry [[Image(User list post addition)]]. I cannot therefore update the extended profile or access any users under this entry. This has previously happened, so I removed the buddypress pluggin and reactivated it an this allowed me to update the entry and reinstated the missing users. Although when I have tried this work around this time, it is generating a 500 Internal Server Error.
Subsequently I have downloaded the ""Health Check"" plugin, as it has highlighted a couple of errors:
-The loopback request to your site failed, this may prevent WP_Cron from working, along with theme and plugin editors.Error encountered: (0) cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received
-Testing gears: The loopback requeshttps://core.trac.wordpress.org/newticket#t returned an unexpected status code, 500, this may affect tools such as WP_Cron, or theme and plugin editors.
I have also completed a troubleshoot, removing all the plugins. At this point I was able to add users. I think activated the gears plugin first, which then cause my site to crash out- error 500.
" initials1
Tickets Awaiting Review 41725 User Search Box disappears if searched with 0 (zero) Users 4.8.1 normal normal Awaiting Review defect (bug) new has-patch 2017-08-25T11:44:12Z 2017-08-25T12:07:15Z "If I search users with ""0"" in search box, the '''search box disappears''' after the search is performed and there is no way of doing another search without reloading user list or going back!
If I enter any other value like 999999, -200, xyz etc. no user is fetched, which is fine. But the search box remains visible. It only disappears for `0`.
Line nos. 347 and 348 in /wp-admin/includes/class-wp-list-table.php has this:
{{{#!php
has_items() )
return;
...
}
}}}
If I understand correctly, according to [https://developer.wordpress.org/reference/classes/wp_list_table/search_box/] and [https://developer.wordpress.org/reference/classes/wp_list_table/has_items/], (`&& !$this->has_items()`) looks whether the table has items to display or not, where the first link is responsible for rendering the search_box.
So when I enter such a value for which there will no record fetched, should not render the search box after search is performed, but as I said, it is happening only for `0`
Commenting out the above if block prevents search box from disappearing. The search box should remain visible irrespective of values entered into it." subrataemfluence
Tickets Awaiting Review 18499 User count / roles inconsistency if roles no longer exist but users still do Users 3.2.1 normal normal Awaiting Review defect (bug) new 2011-08-23T13:53:43Z 2015-12-03T17:59:51Z "The count_users logic (from line 833 onwards in wp-includes/user.php) is based on user roles.
If the roles were created by a theme or plugin which is then deactivated, wordpress loses count of the users, but still lists them. The behaviour is confusing and inconsistent. See attached screenshot.
1) the user count total at the top (all) ignores the users with no 'active' role, however users are all listed (the users are shown as 'no role' in the list)
2) the old roles are shown in the dropdown selection however are not listed in the totals
Suggestions:
1) the total user count should at the very least be correct wrt to the list.
2) Perhaps a total of 'no role' users could/should be shown (since the users are listed anyway ?)
3) If the old roles are shown in the dropdown, perhaps they should be flagged as inactive in some way?" anmari
Tickets Awaiting Review 42957 Usernames ending in a period generate invalid reset password links in certain email clients Users trunk normal normal Awaiting Review defect (bug) new has-patch 2017-12-21T16:51:13Z 2017-12-21T18:46:30Z "Password reset links contain the username appended to the end of the URL. If the user name ends in a period the email client has to decide if the period is part of the URL or part of the punctuation of the sentence. For example:
Gmail generates a clickable link that stops short of the final period. Outlook successfully links the entire URL." paulcline
Tickets Awaiting Review 22367 "Usernames with ""@"" char are assumed email addresses, causing incorrect look-up in several places" johnjamesjacoby Users normal normal Awaiting Review defect (bug) reviewing dev-feedback 2012-11-06T00:45:19Z 2016-10-11T19:58:52Z "'''Problem'''
Usernames containing the ""@"" character are mistakenly assumed to be email addresses when:
* wp-login.php - Resetting passwords
* /wp-admin/user-new.php - Adding an existing user to a site, in multisite
* /wp-includes/user.php - Searching for a user
----
'''Duplicate'''
* Create a user with the login ""@testing""
* Verify the account, etc...
'''Bug in Search'''
* Visit: wp-admin/network/users.php - attempt to search for: ""@testing""
* Result: no users found
* What should happen: find the user
'''Bug in Add New'''
* Visit: wp-admin/wp-admin/user-new.php - attempt to add: ""@testing""
* Result: no users found
* What should happen: add the user
'''Bug in Reset Password'''
* Visit: wp-login.php - attempt to reset password for: ""@testing""
* Result: retrieve_password() accidentally succeeds, because strpos() check returns 0, which is the correct position of the ""@"" character. If the username was ""testing@"" this test would fail
----
'''Solution'''
The attached patch fixes these bugs by using is_email() instead of an strpos() for an @ character." johnjamesjacoby
Tickets Awaiting Review 33216 Users.php post count is not accurate as it does not include drafts. Users normal normal Awaiting Review defect (bug) new has-patch 2015-07-31T11:44:50Z 2015-08-04T16:45:02Z "On Users.php, the post count for users does not include Draft posts. However if you click on the number to view the Users' posts, the view presented does include drafts. I consider this a UX bug.
More seriously when, for example, deleting unused users, this number indicates a user has no posts when in fact they may have Draft posts. This can lead to posts being deleted when the users is deleted in the belief they have no (post) content. This is a much more serious UX problem as it can result in loss of content.
I have attached a patch to add another variable to get_posts_by_author_sql() and count_many_users_posts() / count_user_posts() to allow the inclusion of drafts. The variable is set to false by default so it does not effect any existing use of the functions. " emirpprime
Tickets Awaiting Review 41837 WP_User_Query can generate negative offset in the LIMIT clause Users 4.4 normal normal Awaiting Review defect (bug) new has-patch 2017-09-08T18:08:30Z 2017-09-08T18:51:27Z "The {{{paged}}} argument in {{{WP_User_Query}}} was introduced in #34531
There's a problem with the {{{paged}}} as 0 case.
There's a similar ticket for {{{WP_Comment_Query}}}: #41826
'''Example:
'''
When {{{paged}}} is 0 and number is 2, {{{WP_User_Query}}} generates the LIMIT clause:
{{{
LIMIT -2, 2
}}}
instead of
{{{
LIMIT 0, 2
}}}
According to the MySQL documentation, the offset in the LIMIT clause shouldn't be negative:
https://dev.mysql.com/doc/refman/5.7/en/select.html
I think we should handle it in the same way as in {{{WP_Query}}}, where the 0 case is the same as 1." birgire
Tickets Awaiting Review 27060 WP_User_Query using deprecated method of finding author Users 3.0 normal normal Awaiting Review defect (bug) new 2014-02-07T21:59:29Z 2015-10-29T17:21:21Z "WP_User_Query uses
{{{
if ( isset( $qv['who'] ) && 'authors' == $qv['who'] && $blog_id ) {
$qv['meta_key'] = $wpdb->get_blog_prefix( $blog_id ) . 'user_level';
$qv['meta_value'] = 0;
$qv['meta_compare'] = '!=';
$qv['blog_id'] = $blog_id = 0; // Prevent extra meta query
}
}}}
When PREFIX_user_level is deprecated. A better check is checking to see if that user has the ability to edit_posts, as that would be one who can write." Ckeboss
Tickets Awaiting Review 28212 determine_current_user filter with priority <10 gets overridden Users 3.9 normal normal Awaiting Review defect (bug) new 2014-05-12T01:35:55Z 2015-03-24T09:06:54Z "Introduced in #26706.
`wp_validate_auth_cookie` was shoehorned into this filter, and as such, doesn't return what the filter expects. On any error at all, it returns `false`, even if the ""error"" is that the cookie isn't set. If a function hooked into a lower priority (i.e. <10) returns a user ID, this will then be overridden by the built-in auth cookie." rmccue
Tickets Awaiting Review 36303 edit_user() will give PHP Notices if user_login is unset on add. Users 4.4.2 normal normal Awaiting Review defect (bug) new 2016-03-23T02:03:53Z 2016-03-23T02:03:53Z If you call edit_user() programmatically to add a user then if `$_POST['user_login']` isn't set you'll get multiple PHP Notices of `Undefined property: stdClass::$user_login` (as well as a WP error message). The attached patch sets it to blank on add if unset (the WP error message will still occur). gitlost
Tickets Awaiting Review 28163 function email_exists() check without removing umlauts Users 3.8.3 normal normal Awaiting Review defect (bug) new needs-unit-tests 2014-05-07T14:17:20Z 2015-11-01T16:55:43Z "But with wp_insert_user() the umlauts got removed.
A littel bit confusing." hpr78
Tickets Awaiting Review 37454 get_avatar_data() delivers different url for scheme=https and is_ssl() Users 4.3 normal normal Awaiting Review defect (bug) new needs-unit-tests 2016-07-25T08:09:46Z 2017-02-15T07:56:44Z "get_avatar_data() has an option to set the scheme. If https is used, an image URL is returned which is different to the one which is returned in case delivery is conducted via https without the scheme parameter. I think it would be better to serve the same gravatar url for https pages and explicit https-scheme requests.
Regarding performance and depending on the infrastructure, it could also be benefical to drop https://%d.gravatar.com completely and serve all requests to gravatar independent of the page's protocol via https://secure.gravatar.com/ to benefit from HTTP/2 (http and https://%d.gravatar.com requests are served via HTTP/1.1 whereas https://secure.gravatar.com/ allows multiplexing via HTTP/2)." neoxx
Tickets Awaiting Review 43393 get_user_by can return wrong user info Users normal normal Awaiting Review defect (bug) new 2018-02-23T14:38:13Z 2018-02-23T15:26:42Z "I am using memcached object cache dropin (I use https://tr.wordpress.org/plugins/memcached/) and there is two user record on wp_users table; one user's user_login is 'AlbertEinstein' other one's is 'Albert Einstein'. So there is two different user.
But these codes below are returning always same user's info; AlbertEinstein's info.
{{{
$user_data = get_user_by('login', 'Albert Einstein');
}}}
{{{
$user_data = get_user_by('login', 'AlbertEinstein');
}}}
It happens because of memcached protocol;
For installs that use the memcache/memcached object-cache drop-in (and possibly others), the resulting wp_cache_get always returns false since a memcached key ""... must not include control characters or whitespace."" (per [https://github.com/memcached/memcached/blob/master/doc/protocol.txt])
(this copied from #39034)" hberberoglu
Tickets Awaiting Review 28020 get_userdata and wp_get_current_user do not share WP_User instance Users normal normal Awaiting Review defect (bug) new 2014-04-25T01:51:55Z 2015-12-03T19:18:44Z "Just discovered this fun one.
Steps to reproduce:
{{{
$uid = 3;
// UID for this demo should be a subscriber
wp_set_current_user( $uid );
// $GLOBALS['current_user'] now contains a WP_User instance
$from_userdata = get_userdata( $uid );
// $from_userdata now also contains a WP_User instance, but not the same one
// Fun times with desynchronisation:
$from_userdata->set_role( 'administrator' );
assert(current_user_can('administrator'));
}}}
(I suspect you can also reproduce by using `wp_update_user` instead of `get_userdata`)
This is probably due to the fact that we don't use object caching for the user object instances, which would let us share the instances." rmccue
Tickets Awaiting Review 36556 has_cap was called with an argument Users 4.4.2 normal normal Awaiting Review defect (bug) new 2016-04-17T04:14:45Z 2016-04-17T04:36:12Z "I am seeing this error message in one of the site
Notice: has_cap was called with an argument that is deprecated since version 2.0! Usage of user levels by plugins and themes is deprecated. Use roles and capabilities instead. in ~/wp-includes/functions.php on line 3737
I understand it's probably because of one of the plugin or theme probably called a numeric user level instead of a capability name. But maybe we could create a backfill kind of approach here. " Asif2BD
Tickets Awaiting Review 39903 is_user_logged_in() true on ajax after cookie has been deleted Users 4.7.2 normal major Awaiting Review defect (bug) new 2017-02-17T14:46:34Z 2018-01-11T10:46:45Z "is_user_logged_in() will return true on ajax after cookie has been deleted manually in browser, until the session tokens expired or after destroy_sessions from admin for this user.
To reproduce on:
1. Add ajax callback function with one checkup is_user_logged_in().
2. Log in front-end.
3. Clear browser cookie.
4. Refresh page and run ajax. It will return true. But the var_dump( is_user_logged_in() ) on page will return correct false.
Even more: after deleting cookie and refreshing page, new wordpress_ cookie will appear again, maybe because of is_user_logged_in() check.
Proof on video attached using fresh wp install.
" esemlabel
Tickets Awaiting Review 30959 race condition in wp_insert_user() Users 4.1 normal normal Awaiting Review defect (bug) new 2015-01-08T22:22:33Z 2015-08-14T22:20:18Z Possibility exists for a user record insert between check if a user name already exists and actual database insert. A unique index on wp_users.user_login would prevent this, and allow the code to operate without a separate database query to check for an existing user. hanelyp
Tickets Awaiting Review 34805 registration_errors filter not called when adding users in admin section Users normal normal Awaiting Review defect (bug) new 2015-11-27T20:04:55Z 2015-12-03T15:44:37Z "Hi,
I believe that the `registration_errors` filter should also be called when adding a user from within the admin area.
As it stands now, it's only called when adding a user via `wp-login.php`
Cheers!
Mike" mikelopez
Tickets Awaiting Review 37202 the_archive_title() doesn't output the author's display name if that author hasn't posted Users 4.5.3 normal normal Awaiting Review defect (bug) new has-patch 2016-06-27T18:25:38Z 2016-07-27T12:51:57Z "In my archive.php template, if I do this:
{{{
get_header();
the_archive_title( '

', '

' );
// Rest of code...
}}}
and then take a look at example.com/author/joebloggs, I expect to see:
= Author: Joe Bloggs =
The problem is if joebloggs hasn't posted yet, I see this:
= Author: =" henry.wright
Tickets Awaiting Review 38897 user_email with & (ampersand) being encoded within the database making notifications fail Users 4.6.1 normal normal Awaiting Review defect (bug) new 2016-11-22T01:24:45Z 2016-11-22T01:24:45Z "Hello,
It seems Wordpress does some encoding on the email field which causes issues as the encoded email is stored in the database and causes notifications to fail as it's no longer a valid email.
The specific email i noticed this with had an ampersand (&) within the email, the following is a bogus one to illustrate;
johnny&joey@telus.net
This is apparently a valid email according to telus.net (as the email exists there, not that exact one of course) and according to IETF Trust as shown in this stack overflow answer;
http://stackoverflow.com/a/2049510
Anyway, if you register a user with an email containing & it will encode it into the database and fail to deliver the password notification.
The following should NOT be encoded;
""Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~
Character . (dot, period, full stop) provided that it is not the first or last character, and provided also that it does not appear two or more times consecutively.""
Thank you" garrett-eclipse
Tickets Awaiting Review 43734 user_profile_update_errors hook needs work-around to validate a to-be updated email address Users trunk normal normal Awaiting Review defect (bug) new 2018-04-10T19:56:47Z 2018-05-15T18:03:28Z "The 'user_profile_update_errors' hook can be used to (in)validate (custom added) fields in the user_profile before these fields are saved.
As far as I know, the 'best-practice' to do this is, is by accessing the field using it's name in {{{$_POST}}}. Grab it's value, do your thing and if this results in an error, add an error message to the $errors object and prevent the field from being saved to the database.
This does not work with the email field anymore (since WordPress version 4.9.0?), because {{{$_POST['email']}}} is reset to the current value in the database in the function {{{send_confirmation_on_profile_email()}}}. See: [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/user.php#L2792 wp-includes/user.php]
The reset of {{{$_POST['email']}}} to the current email address in the database prevents the 'best-practice' of accessing a field's value through {{{$_POST}}} because the new email address is now gone from {{{$_POST}}}.
'''Why is there a reset on $_POST?
'''
''My assumption is:''
Resetting {{{$_POST['email']}}} to the current email address in the database is needed, because of the new flow in WordPres in which WordPress requests a user's confirmation of a proposed email change (by sending an email to the new address and requesting the user to clink a link to confirm the change) before saving the new email address.
Therefor the value in the form should (at least temporarily) not be changed until the user has confirmed the change in email address. The chosen solution is such that the new email address is temporarily saved in a user meta field with the name '_new_email' including a hash. This is then processed upon when the user clicks on the link in the email requesting the email change.
'''
'''Solution'''
I don't have a good solution yet and by submitting this ticket I hope more people can have a look at this issue.
For now I'd suggest to update docs to include detailed information on how to use the user meta field {{{_new_email['newemail']}} instead of {{{$_POST['email']}}} in the user_profile_update_errors hook.
" BjornW
Tickets Awaiting Review 40949 wp_dropdown_users($args) is not returning desired list of users Users 4.7.5 normal normal Awaiting Review defect (bug) new 2017-06-08T14:38:07Z 2017-06-08T14:38:07Z "Below is a list of users with their roles:
{{{
aniket: Subscriber, Participant
cjx2009: Editor, Participant
jackoliv: Author, Participant
creamy90: Editor, Participant
lalitgarg: Participant
warrior: Contributor, Moderator
}}}
Here is the $args array:
{{{#!php
null,
'role' => array('Subscriber', 'Participant'),
'role__in => array('Editor', 'Contributor'),
'role__not_in => null
);
}}}
When calling `wp_dropdown_users` i don't see any dropdown list.
While, according to above users and their respective roles the list should bring up the following users:
{{{
aniket (matches exactly with 'role': Subscriber, Participant)
cjx2009 (matches 'role__in': Editor)
warrior (matches 'role__in': Contributor)
}}}
Even if I do not use a combination like above and just use `role => array('Subscriber', 'Participant')` nothing appears (I already have `'hide_if_only_one_author' => null,`).
Furthermore, if I set `role => null` and use `role__in => array('Contributor', 'Moderator')`, again there is nothing when I am expecting user `warrior` will come up in dropdown list! But if I only use 'Contributor' the dropdown appears with `warrior`." subrataemfluence
Tickets Awaiting Review 39370 wp_insert_user() appends suffix to nicename when updating already existing user Users 4.6.1 normal normal Awaiting Review defect (bug) new 2016-12-22T14:11:21Z 2016-12-22T14:11:21Z "wp_insert_user() appends suffix to nicename when updating already existing user, even though the user_nicename prop is set to exactly the same value as it currently has.
Steps to reproduce:
- Asuming you have a user in your wordpress database with the ID 1 and user_nicename set to 'test-nicename'.
- If you then make an update using wp_insert_user() of that user and in the update set the user_nicename to 'test-nicename', then wordpress will update the user, but append -2 as a suffix to the nicename.
This happens because of a check located on line 1597 - 1609 in wp-includes/user.php
{{{#!php
get_var( $wpdb->prepare(""SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1"" , $user_nicename, $user_login));
if ( $user_nicename_check) {
$suffix = 2;
while ($user_nicename_check) {
// user_nicename allows 50 chars. Subtract one for a hyphen, plus the length of the suffix.
$base_length = 49 - mb_strlen( $suffix );
$alt_user_nicename = mb_substr( $user_nicename, 0, $base_length ) . ""-$suffix"";
$user_nicename_check = $wpdb->get_var( $wpdb->prepare(""SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1"" , $alt_user_nicename, $user_login));
$suffix++;
}
$user_nicename = $alt_user_nicename;
}
}}}
This code is there to make sure that there are no duplicate nicenames in the wp_users table, which is fine. However it does not take into account updating the nicename of a user with the same value as it currently has.
The way to solve it is very easy, only simply changes the if() statement to check the id fethced in $user_nicename_check against the ID of the user currently being updated, like so:
{{{#!php
get_var( $wpdb->prepare(""SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1"" , $user_nicename, $user_login));
if ( $user_nicename_check && $ID != $user_nicename_check) {
$suffix = 2;
while ($user_nicename_check) {
// user_nicename allows 50 chars. Subtract one for a hyphen, plus the length of the suffix.
$base_length = 49 - mb_strlen( $suffix );
$alt_user_nicename = mb_substr( $user_nicename, 0, $base_length ) . ""-$suffix"";
$user_nicename_check = $wpdb->get_var( $wpdb->prepare(""SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1"" , $alt_user_nicename, $user_login));
$suffix++;
}
$user_nicename = $alt_user_nicename;
}
}}}
This makes prevents the code from appending the suffix when the $user_nicename_check ID matches the ID of the user currently being updated
" alfhen
Tickets Awaiting Review 23498 wp_list_authors ignores 'exclude_admin' arg when admin account has a display_name other then 'admin' Users 3.1 normal normal Awaiting Review defect (bug) new has-patch 2013-02-18T09:37:59Z 2015-02-02T21:20:30Z "Line 293 of author-template.php should be changed from:
{{{
if ( $exclude_admin && 'admin' == $author->display_name )
}}}
to:
{{{
if ( $exclude_admin && 'admin' == $author->user_login )
}}}
Thanks." raphaabreu
Tickets Awaiting Review 35488 wp_logout() not working as it should Users normal normal Awaiting Review defect (bug) new 2016-01-16T17:34:37Z 2016-01-17T04:35:49Z "I have test:
{{{#!php
';
if ( is_user_logged_in() ) {
echo 'content for user logged in';
} else {
echo 'content for user logged in - go to login form';
}
wp_logout();
echo 'content for guest';
if ( is_user_logged_in() ) {
echo 'content for user logged in';
} else {
echo 'content for user logged in - go to login form';
}
}}}
Output should be:
{{{
content for user logged in
content for user logged in - go to login form
}}}
but output is:
{{{
content for user logged in
content for user logged in
}}}
I think that this is bug. " sebastian.pisula
Tickets Awaiting Review 41522 wp_set_password() doesn't trigger a changed password notification Users normal normal Awaiting Review defect (bug) new dev-feedback 2017-08-01T20:30:59Z 2017-08-02T13:53:31Z "If {{{wp_update_user()}}} is used to update a user's password, a notification is sent to the user telling them their password has changed.
However, the same doesn't happen if {{{wp_set_password()}}} is used to update a user's password." henry.wright
Tickets Awaiting Review 41601 wp_update_user creates an error Users 4.8.1 normal normal Awaiting Review defect (bug) new 2017-08-10T11:16:39Z 2017-08-11T11:05:41Z "See my code below. When I use wp_upadte_user within the hook ""after_setup_theme"", it throws an error:
{{{
[Thu Aug 10 13:08:45.503396 2017] [proxy_fcgi:error] [pid 9452] [client 10.130.52.246:56561] AH01071: Got error 'PHP message: WordPress-Datenbank-Fehler You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE user_id = 6 AND blog_id = 1' at line 1 f\xc3\xbcr Abfrage '''SELECT COUNT(id) FROM WHERE user_id = 6 AND blog_id = 1''' von require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('after_setup_theme'), WP_Hook->do_action, WP_Hook->apply_filters, ad_sso_login, wp_update_user, wp_insert_user, do_action('profile_update'), WP_Hook->do_action, WP_Hook->apply_filters, bp_blogs_add_user_to_blog, bp_blogs_record_blog, BP_Blogs_Blog->save, BP_Blogs_Blog->exists\nPHP message: WordPress-Datenbank-Fehler You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '( user_id, blog_id ) VALUES ( 6, 1 )' at line 1 f\xc3\xbcr Abfrage INSERT INTO ( user_id, blog_id ) VALUES ( 6, 1 ) von require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('after_setup_theme'), WP_Hook->do_action, WP_Hook->apply_filters, ad_sso_login, wp_update_user, wp_insert_user, do_action('profile_update'), WP_Hook->do_action, WP_Hook->apply_filters, bp_blogs_add_user_to_blog, bp_blogs_record_blog, BP_Blogs_Blog->save\n', referer: http://intranetdev.rehau.org/
}}}
The sql functions being executed by this functions are missing the database table name.
Here is the code I am using inside the functions.php from my plugin:
{{{#!php
$user_id, 'user_url' => $website ) );
if ( is_wp_error( $user_id ) ) {
echo ""There was an error, probably that user doesn't exist."";
} else {
echo ""Success!"";
}
}
}}}
" iamklaus
Tickets Awaiting Review 42183 wp_update_user() conditional compares a plain-text password to the hashed old Users 4.5.2 normal normal Awaiting Review defect (bug) new dev-feedback 2017-10-11T14:20:02Z 2017-10-11T16:24:47Z "In file wp-includes/user.php, function [https://developer.wordpress.org/reference/functions/wp_update_user/ wp_update_user()]
On line 1767:
{{{
if ( ! empty( $userdata['user_pass'] ) && $userdata['user_pass'] !== $user_obj->user_pass)
}}}
The second conditional is comparing a plain-text password to a hashed version of password, so this would almost always evaluate to true except for the case where the new password itself matches the old hashed password. This block will then evaluate to false and therefore password itself won't be updated. It's a rare case but the logic here is incorrect. And obviously this code block would run when passwords are the same since it's comparing plain-text to the hashed version." yudge
Tickets Awaiting Review 41544 $id_or_email parameter in get_avatar filter needs to be more concrete Users normal normal Awaiting Review enhancement new dev-feedback 2017-08-03T10:16:03Z 2017-10-14T14:06:35Z "In the {{{get_avatar}}} and {{{pre_get_avatar}}} filters there is a parameter {{{$id_or_email}}} which documented as:
> The Gravatar to retrieve. Accepts a user_id, gravatar md5 hash, user email, WP_User object, WP_Post object, or WP_Comment object.
There might be anything, but how to get user from it?
So, in filter callback function, developer have to check all of these types to determine the actual user identifier.
Like here https://core.trac.wordpress.org/browser/tags/4.8.1/src/wp-includes/link-template.php?rev=41211#L3923-L3965
Would be much more better to have more concrete value type in {{{$id_or_email}}} parameter (for example user ID) passed to {{{get_avatar}}} and {{{pre_get_avatar}}} filters. Really.
" dikiy_forester
Tickets Awaiting Review 41673 Abstract update capability logic into a meta capability Users 4.9 normal normal Awaiting Review enhancement new needs-unit-tests 2017-08-19T12:50:14Z 2017-08-19T12:50:14Z "From [comment:4:ticket:41538]
There are three places in core now which use logic to determine whether a user has any one of the `update_*` capabilities. This should be abstracted into a meta capability such as `manage_updates`." johnbillion
Tickets Awaiting Review 25269 Action hook for when a user updates their password Users normal normal Awaiting Review enhancement new 2013-09-10T19:58:32Z 2015-10-07T19:54:23Z "When a user changes their password, there should be an action hook.
A use case that came up for me was sending out an email to the user when their password is updated to alert them of the change.
Another one that I can think of is setting an expiration time frame to force the user to change their password after X amount of days." desrosj
Tickets Awaiting Review 35868 Add Filter for Profile User Description Bio Users normal normal Awaiting Review enhancement new 2016-02-19T09:26:18Z 2016-04-05T06:25:42Z I see there's a filter for user_contactmethods and user_profile_picture_description but not for the bio. wordpresssites
Tickets Awaiting Review 35806 Add filter to capability check when checking if user row is editable Users normal normal Awaiting Review enhancement new 2016-02-12T01:12:54Z 2016-04-05T06:25:18Z "'''Suggestion'''
Currently in `class-wp-users-list-table.php` the check for wether or not a displayed user is editable is done using `current_user_can( 'list_users' )` on line 398. This is inflexible and doesn't allow finer control over which users are editable by which other users. I suggest filtering this check or filtering the specific capability.
'''Scenario'''
I create WordPress sites for clients in an agency setting. Our sites are highly bespoke, and changing themes or disabling plugins will cause harm to their site. Must-use plugins have their limitations and removing other themes from wp-content/themes only goes so far. On these sites, I want the client to administrate all aspects of the site, except for changing the theme or disabling plugins.
To this end, I've created a plugin defining a custom 'manager' role with. This role is highly permissive, save administrating themes or plugins. On the user side I want managers to be able to create users with manager or lower roles, but not create/edit/delete administrators. I can exclude administrators from the list using a `users_list_table_query_args` filter, but for transparency I want administrators to be listed, just not editable.
If either the check or the capability in `if ( current_user_can( 'list_users' ) ) {` went through `apply_filters`, I could define a custom capability and filter this check, producing the desired result, or create some other logic.
I feel as though this enhancement would be of great benefit, allowing finer grain user control." nathanshubert
Tickets Awaiting Review 35124 Add get_user() function that maps to get_user_by() Users normal normal Awaiting Review enhancement new 2015-12-16T19:20:22Z 2015-12-16T19:26:31Z "{{{#!php
` elements but there is still more to do.
The different sections have all `

` headings and `

` tables. It's hard to select these sections with CSS or JS because there is no identifiers. To take the initiative from #29348 to a bit further, I would add wrapper `

` elements to these sections.
I used following naming:
Section title: `Additional Capabilities`
Section wrapper id: `user-additional-capabilities-section`
This way, the naming is simalar to the `

` wrappers (like ""user-capabilities-wrap"") but has it's own logic that separates these two.
This patch makes it easy to hide the title of a section or hide the whole table of chosen section." TeemuSuoranta
Tickets Awaiting Review 38473 Additional hook for users list table navigation area Users 4.7 normal normal Awaiting Review enhancement new has-patch 2016-10-24T16:08:42Z 2016-10-24T16:30:04Z "A similar situation has been already discussed for {{{class-wp-posts-list-table.php}}} and {{{manage_posts_extra_tablenav}}} action, here: https://core.trac.wordpress.org/ticket/30341#no0.
The {{{extra_tablenav()}}} function in {{{class-wp-users-list-table.php}}} provides a hook for adding extra filtering options ({{{restrict_manage_users}}}), but there's no way to add extra markup (links, buttons, additional help text, etc.) after the 'Filter' button. I propose adding an additional hook to allow additional markup to be added here.
Adding a hook here may only have fringe use cases, but I don't see a reason not to include it as it won't affect any existing functionality and will make the post and page list tables just a little bit more extensible." antonioeatgoat
Tickets Awaiting Review 41199 Allow the optional editing of an author slug Users normal normal Awaiting Review enhancement reopened 2017-06-29T09:40:26Z 2017-06-30T13:35:17Z "At the moment an author slug cannot be changed, although plugins are available to allow this. I believe that WordPress should be able to do this, ""out of the box"".
Changes to names, whether through marriage, change of sexual orientation or many other reasons, are important to the individuals that go through it. The original slug, by remaining unchanged, is still the link to an authors page on WordPress and may be the last thing an author, post name change, wants to see.
I think, as a very basic change, there should be the option to change this slug, if required (but not a requirement because of how it will affect existing author links). To take this a stage further, if possible, we should also add the option to allow the original slug to also work too." dartiss
Tickets Awaiting Review 43635 Allow to (only) store users in an external user database/backend Users 4.9.4 normal normal Awaiting Review enhancement new has-patch 2018-03-26T16:06:39Z 2018-03-26T16:18:02Z "Hi,
I'm busy on a project where I want to use an external user backend. Various solutions exist to mirror the user database to a remote service, but my goal was to have an entirely empty wp_users and wp_usermeta table. If my wordpress installation were to be compromised, this would provide an extra layer of security.
I was pleasantly surprised by the vast number of hooks that were already present to accommodate this, and only a few small modifications were necessary to also support my use case.
Please see the attached patch. Feedback is appreciated, of course." freeaqingme
Tickets Awaiting Review 41937 "Change name of ""wp-settings-"" and ""wp-settings-time-"" cookie" petertoi Users normal normal Awaiting Review enhancement assigned has-patch 2017-09-21T04:14:42Z 2018-02-21T20:39:54Z "There is no option to change the cookie names of:
- wp-settings-time-
- wp-settings-
Can you add options?
It will be nice to add in wp-config.php like other cookies?
Thanks in advance." Neustradamus
Tickets Awaiting Review 43013 Confirmation Email workaround Users 4.9.1 normal normal Awaiting Review enhancement new 2018-01-02T21:41:35Z 2018-01-02T21:41:35Z "This is a follow-up to #16470.
Not after support but have a question about this new addition on single-site installs. When I set new client websites up, I change the administrator email address (mine) to a non-administrator user (the client) so I don't want them having to click an email to confirm the email change. To workaround this I access wp_options via phpmyadmin and change the email address in there, but if I refresh the General Settings there is a message stating that there is a pending change TO the email address I have changed from, so I click to cancel (which leaves the new email address set).
Would just like confirmation that this method is OK for my own reasons and that no confirmation emails would be sent by doing this.
Thanks" adejones
Tickets Awaiting Review 36715 Contextual help to describe what roles are Users normal normal Awaiting Review enhancement new 2016-04-29T02:32:32Z 2016-07-25T19:14:15Z "Roles are not exactly self-explaining ""What's the difference between a contributor and an author?"" is probably a confusing question for new users.
We have help text to describe what roles are in the Help dropdown on the Add New User page, but it's rather out of the way.
I'd like to suggest moving this help text closer to its context, in the form of a tooltip next to the Role dropdown in the Add New User form." ericlewis
Tickets Awaiting Review 23857 Delete User Should Delete Comments Users 3.5 normal normal Awaiting Review enhancement new 2013-03-25T07:10:55Z 2015-09-02T03:08:16Z The delete user function should also delete that user's comments or attribute that users comments to the person specified. That way, deletion of accounts goes a lot smoother. jamcat22
Tickets Awaiting Review 26195 Deleting users asks for reassigning posts even when there is no post/comment Users 3.7.1 normal normal Awaiting Review enhancement new dev-feedback 2013-11-24T14:35:55Z 2015-04-10T19:05:49Z "When deleting a single user or bulk deleting users, the confirmation page asks what should be done with the posts of the user.
However, this question should not be displayed, if the sum of the posts of these user(s) is 0. Then, the delete button should become immediately active.
This change would make deletion safer, as ""real"" users would be less likely to be deleted in error.
Recommended user interface:
- No posts present: ""This user/these users have no post"", followed by an active ""delete users"" button
- Posts present: ""This user/theses users have a total of [number] posts"", followed by the current delete/assign query.
" MarcelWaldvogel
Tickets Awaiting Review 25765 Directory of users, listing with the role Users normal normal Awaiting Review enhancement new 2013-10-30T00:35:07Z 2015-09-20T20:25:54Z It took me a list of users, with a large site with many levels to know what are administrators, a simple list and still continue seeing the other functions. valeriosza
Tickets Awaiting Review 31880 Expand wp_dropdown_users $show argument to allow custom user meta field Users 4.1.1 normal normal Awaiting Review enhancement new 2015-04-03T14:45:57Z 2015-04-03T14:45:57Z "I would love to be able to pass a custom user meta field to the 'show' argument, perhaps with fallback to the default 'display_name' if not present for a user.
Thanks!" adambundy
Tickets Awaiting Review 28160 Get authors user query in-efficient when dealing with large numbers of users. Users 3.9 normal major Awaiting Review enhancement new 2014-05-07T09:11:21Z 2017-07-12T16:13:04Z "When in WordPress admin the following query is run:
{{{
SELECT
wp_users.ID,
wp_users.user_login,
wp_users.display_name
FROM wp_users
INNER JOIN wp_usermeta ON (wp_users.ID = wp_usermeta.user_id)
WHERE
1=1 AND
(
(
wp_usermeta.meta_key = 'wp_user_level' AND
CAST(wp_usermeta.meta_value AS CHAR) != '0'
)
)
ORDER BY display_name ASC;
}}}
This is getting a list of authors for the current site. Now this query is fine for small sites but is incredibly slow when dealing with large WP installations with thousands of users.
For example one of our largest WP installations has over 225K Users with over 7M usermeta records and the above query takes, on our server, over 34 seconds to complete. This is long enough for connections to timeout and the resulting data to not be cached and run over and over until the database queue is so long that PHP starts to crash.
Now the above query is generated deep within the WP_User_Query class and understand that the query is generated in such a way that allows a number of queries to be built dynamically, but the above query is very in-efficient. I've re written the query and my new query only takes 700 milliseconds to run.
{{{
SELECT
wp_users.ID,
wp_users.user_login,
wp_users.display_name
FROM wp_usermeta
LEFT JOIN wp_users ON (wp_users.ID = wp_usermeta.user_id)
WHERE wp_usermeta.meta_key = 'wp_user_level' AND wp_usermeta.meta_value != '0'
HAVING wp_users.ID IS NOT NULL
ORDER BY display_name ASC;
}}}
I'm looking into how I can improve the queries in the WP_User_Query class but thought it would be good to bring this to the attention of some core devs." l3rady
Tickets Awaiting Review 31186 Get more info about the modified author Users 4.2 normal normal Awaiting Review enhancement new has-patch 2015-01-30T19:35:32Z 2015-04-28T06:35:18Z Let's let the developers to have access to all the modified author meta not just the display name.Using the function get_the_modified_author() . alexandruias
Tickets Awaiting Review 43601 Improve error messaging when activating multisite users Users trunk normal normal Awaiting Review enhancement new has-patch 2018-03-21T16:15:56Z 2018-03-21T17:25:15Z "We had a user on a multisite network try to activate their account and the only error message you get it ""Could not create user"". This is not helpful. We had to go digging through core to figure out why.
Right now it uses wpmu_create_user() which returns false if wp_create_user() returns an error, instead of returning the error message from wp_create_user(). An easy improvement would be for wpmu_create_user() to return this error message instead.
I've created a patch for a starting point. Will involve discussion over how much we want to update messaging for other interactions that use wpmu_create_user()." bamadesigner
Tickets Awaiting Review 38109 Improvements to user deletion Users 4.6.1 normal normal Awaiting Review enhancement new 2016-09-20T13:50:32Z 2016-09-20T13:50:32Z "User deletion in WordPress, at the moment, is not straightforward.
When you click ""delete"" on users who have authored content, you are presented with this ultimatum:
[[Image(https://i.imgur.com/11ex3hz.png)]]
At my company, we build and host WP sites for clients and we almost never make decisions about content. But we do sometimes want to delete users, for instance in the situation where a person who works for a client leaves their position as they have been promoted or left for another job. In that case we would like to be able to delete the user account of that person. But without knowing how to answer the question of which user to assign their content to, we're forced to ask the client to make that decision.
With a view to making it possible for sysadmins to delete users without having to consult with the client, I'd like to propose two solutions:
1. WordPress disassociates user accounts from authorship information (like in the Automattic plugin [https://wordpress.org/plugins/co-authors-plus/ co-authors-plus])
2. WordPress allows deactivating user accounts so that the user can no longer login or reset their password, but the account still exists" tomdxw
Tickets Awaiting Review 6148 Internationalization of personal names Users normal normal Awaiting Review enhancement reopened has-patch 2008-03-10T17:51:37Z 2017-07-05T20:07:59Z "(Please excuse if this ticket lacks technical details. I am not a developer, merely an interested user.)
WordPress currently allows users to register using the fields ""first name"" and ""last name."" These terms, and the limitation of only two fields, do not allow for the differences in naming conventions worldwide. The assumptions made by WP's design not only affect its use in its base English-language version, but also hampers localization efforts.
Richard Ishida [http://rishida.net/blog/?p=100] says:
""People who create web forms, databases, or ontologies in English-speaking countries are often unaware how different people’s names can be in other countries. They build their forms or databases in a way that assumes too much on the part of foreign users.""
And:
""If you do still feel you need to ask for constituent parts of a name separately, try to avoid using the labels ‘first name’ and ‘last name’, since these can be confusing for people who normally write their family name followed by given names.""
Matthew Sachs also writes on this subject here: [http://zevils.com/2007/12/28/internationalization-of-names/]
One possible approach to internationalization of personal names might be something like this:
-- Allow for multiple name fields in user registration[[BR]]
-- Remove culturally-specific labels like ""first name"" and ""last name""[[BR]]
-- Use the existing ""display name publicly as"" dropdown list to allow the user to specify the proper phrasing of his/her name[[BR]]
-- Allow user name sorting flexibility. Currently author lists are sorted by first name, alphabetically, which is incorrect for English and many European names. Adding a ""sort name by"" dropdown list would allow for more flexible sorting of names within such applications as wp_list_authors.
" aradams
Tickets Awaiting Review 40265 Introduce an 'All Network Users' view to multisite user list tables Users 3.0 normal normal Awaiting Review enhancement new has-patch 2017-03-25T18:58:34Z 2017-03-26T10:01:35Z "Bulk managing users on WordPress multisite is not an easy process.
As part of a push to improve the ability of network administrators to bulk add users to sites, I'm proposing the introduction of an `All Network Users` view when viewing the `Users` screen for an individual site on Multisite, and on the `Users` tab when editing a site from the network admin screen.
The benefit this provides is that a network administrator can quickly add users to a site in bulk; something that's not currently possible without the aid of a bulk user management plugin or WP-CLI." johnbillion
Tickets Awaiting Review 36860 Introduce filter for users_have_content within delete action of users.php Users 4.6 normal normal Awaiting Review enhancement new 2016-05-17T04:52:34Z 2016-05-23T21:09:09Z "Hello,
I'd like to request an enhancement on the delete action for users.
Idea - https://wordpress.org/ideas/topic/introduce-filter-for-users_have_content-within-delete-action-of-usersphp?replies=1#post-30346
The addition of a filter for line 220 of the users.php
https://core.trac.wordpress.org/browser/trunk/src/wp-admin/users.php#L220
Proposed filter;
{{{#!php
[exclude] =>
[fields] => all_with_meta
[meta_key] => last_name
[meta_value] => M%
[meta_compare] => LIKE
)
}}}
This is the query the WordPress constructs for me:
{{{
[01-Feb-2013 16:01:08 UTC] WP_User_Query Object
(
[query_vars] => Array
(
[blog_id] => 1
[role] =>
[meta_key] => last_name
[meta_value] => M%
[meta_compare] => LIKE
[include] =>
[exclude] =>
[search] =>
[search_columns] => Array
(
)
[orderby] => login
[order] => ASC
[offset] =>
[number] =>
[count_total] =>
[fields] => all_with_meta
[who] =>
)
[results] => Array
(
)
[total_users] => 0
[query_fields] => wp_users.ID
[query_from] => FROM wp_users INNER JOIN wp_usermeta ON (wp_users.ID = wp_usermeta.user_id)
[query_where] => WHERE 1=1 AND ( (wp_usermeta.meta_key = 'last_name' AND CAST(wp_usermeta.meta_value AS CHAR) LIKE '%M\\%%') )
[query_orderby] => ORDER BY user_login ASC
[query_limit] =>
}}}
----
As you can see, the LIKE clause is escaped and wrapped with SQL wildcard operators. I can't figure out how to prevent this from happening as what I want is ""LIKE 'M%'"" to be my actually query.
Andrew Nacin wp@andrewnacin.com via lists.automattic.com
11:24 am (1 day ago) to wp-hackers
Currently, ""LIKE"" prepends and appends wildcards, as in %term%. We could add ""%LIKE"" and ""LIKE%"", though that would not help with the situation where you want LIKE taken literally, potentially without % wildcards at all. (Such as using _ as a single-character wildcard, or looking for case insensitive matching.) Probably the best way to add to this API would be to allow for a 'like_escape' => false; that would accept your value as provided. If you'd like to submit a ticket (and patch), this can definitely find its way into 3.6.
Nacin
----
I have prepared a patch to meta.php which allows escaped LIKE and NOT LIKE meta compares to work properly.
" mpwalsh8
Tickets Awaiting Review 37899 Make Profile Picture Section of Edit User Admin Page Filterable Users 4.7 normal normal Awaiting Review enhancement new 2016-08-31T19:52:52Z 2017-02-02T12:55:00Z "Currently the Edit User page contains a section under the Biography showing the user's Profile Picture (avatar). This picture isn't editable, because WordPress uses Gravatar.
This behavior isn't typical. More commonly, websites with self-created user accounts also allow the user to upload a custom profile picture. There are a number of plugins which implement this behavior:
https://wordpress.org/plugins/custom-user-profile-photo/
https://wordpress.org/plugins/metronet-profile-picture/
https://wordpress.org/plugins/wp-user-avatar/
https://wordpress.org/plugins/basic-user-avatars/
https://wordpress.org/plugins/simple-local-avatars/
They all share a problem though, which is that they can't touch the native Profile Picture section. They all add their own HTML elsewhere on the page. This results in an Edit User page with two Profile Picture sections. CSS can hide the native non-editable section, but that's not ideal.
I'd like to propose that we make the native profile section filterable, so that plugins can override it to enhance it directly rather than adding another section to the page.
If we move the hard-coded HTML of that section into a function call that is filterable, plugins could just enhance the native section itself. This would prevent multiple Profile Picture sections and keep everything in the native location on the page.
Alternatively and less ideally, just adding a do_action() call at the end of the native Profile Picture section would at least allow for the new controls to be added in the correct location on the page." Kelderic
Tickets Awaiting Review 39829 "Missing Filter before user is created within ""wp_insert_user"" function" Users 4.7.2 normal normal Awaiting Review enhancement new 2017-02-10T04:21:43Z 2017-05-16T04:18:03Z "The ""wp_insert_post"" function has a filter called ""wp_insert_post_data"" that filters the post data right before the post is created.
For me the ""wp_insert_user"" function should have as well a filter right before the user is created in the database.
Unfortunately it doesn't exists. There is a action called ""user_register"" that lets me do something once the user is created, but it doesn't let me modify the actual data the ""wp_insert_user"" function returns.
Background:
I use the ""wp_insert_post_data"" filter to assign a random unique ID to each new post. This is helpful if you have a custom post type with sensitive data, where you don't want to make public how many exists or get created per day. (If the post ID is only auto increated each day, you could get this information by quering once in the morning and once in the night).
But it's impossible to assign a random unique ID to a newly created user. Or actually, it is not possible, I can hook into the ""user_register"" action and udpate all database tables with a new user id. But I can not use that new information as the ""wp_insert_user"" function will still return the old ID.
" jaschaio
Tickets Awaiting Review 43318 New filter suggestion for manage_users-network_custom_column Users trunk normal normal Awaiting Review enhancement new 2018-02-14T16:00:50Z 2018-02-14T16:00:50Z "Hi.
In a multisite installation, currently a custom column for the users list table uses the filter ''''manage_users_custom_column'''' for both network users admin table and single subsite users admin table.
https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-ms-users-list-table.php#L398
This is a bit confusing for plugin development since all the other filters and actions used in the network users admin table are based on the $screen->id, which for the network users admin page is ""users-network"".
For example the filters: ""'''manage_users-network_columns'''"" and ""'''manage_users-network_sortable_columns'''""
The attached is a suggestion for introducing the filter ''''manage_users-network_custom_column'''', without dropping the support for 'manage_users_custom_colunm." lenasterg
Tickets Awaiting Review 29128 Number of pages owned by a user is not shown under Users >>> All Users Users 3.9.1 normal normal Awaiting Review enhancement new 2014-08-06T07:52:28Z 2015-11-01T15:31:07Z "This would be very useful in case you'd like to delete a user and want to keep some of the content that the user created. Right now you only have the possibility to see the number of posts so it would be great if another column with pages can be added.
Thanks" bflo
Tickets Awaiting Review 22328 Pass reset password URI to retrieve_password_message filter Users 2.8 normal normal Awaiting Review enhancement new 2012-10-30T23:34:17Z 2015-05-08T08:23:26Z "The arguments for the retrieve_password_message filter are the message itself and the reset key. However the URI requires the user login as well in order to be valid, thus we cannot regenerate the password reset link without it.
Proposed solution - pass the reset URI instead of just the key." ejdanderson
Tickets Awaiting Review 35778 Populate Website URL profile field for the 1st user after install EFAREM Users normal normal Awaiting Review enhancement assigned has-patch 2016-02-08T16:57:20Z 2017-07-10T05:31:17Z "When a new WP install is made, the 1st user (admin) could have the ""Website"" profile field (displayed at /wp-admin/profile.php) populated with the site's URL, as this will most likely be his choice anyway. This field is likely used by some plugins (for displaying author bio etc.), so we can make this a bit easier and less likely to be left empty." eclare
Tickets Awaiting Review 39347 Role Column In Multisite's User List, Augment User Profile to Show Sites/Roles Users 4.7 normal normal Awaiting Review enhancement new 2016-12-20T19:13:26Z 2016-12-20T22:40:35Z "WordPress multisite's network user list displays sites per user but does not offer a column with the user's role on each one. It would be helpful to add a column to the right of 'Sites' named 'Role' with their role on each one. Network administrators would appreciate this enhancement, to show users' roles at-a-glance and verify they were set appropriately.
Currently the workflow is to open each individual sites' settings and click on the Users tab. This is cumbersome if you just need to verify role levels.
It would be helpful to see the same information in each users' profile (a list of sites associated with the user, and their role on the site)." anseltaft
Tickets Awaiting Review 37934 Separate account settings and profile settings Users normal normal Awaiting Review enhancement new 2016-09-03T13:36:41Z 2018-02-13T08:33:52Z "Current limitations of profile management in WordPress:
On `wp-admin/profile.php` there's too much you can do:
* Change personal preferences
* Account and session management
* Update publicly visible profile data
If plugins add additional fields to that page, it gets very long quite quickly. Even without plugins you have to scroll all the way down to change your password. Pretty sure you change your password more often than disabling the visual editor, so that order isn't ideal.
Idea:
Separate account management and profile settings. Platforms like WordPress.com, Facebook or Twitter do this for a reason.
This was recently mentioned in a discussion about adding 2FA to core, see https://wordpress.slack.com/archives/core/p1470765550002658.
The plugin I mentioned there: https://wordpress.org/plugins/wp-user-profiles/
Slightly related: #26769.
Account management:
* Change backend preferences
* Change email address
* Change password
* Log out everywhere else (perhaps with a session overview in the future as was originally the plan)
Profile management:
* Show/change profile picture
* Change biographical info like name, contact methods" swissspidy
Tickets Awaiting Review 32234 Streamline parameter order of get_user_option() Users 4.2.1 normal normal Awaiting Review enhancement new 2015-05-02T09:23:52Z 2018-02-19T18:37:09Z "`get_user_meta()` expects `$user_id`, followed by `$meta_key`. So do `update_user_meta()`, `delete_user_meta()`, `update_user_option()` and `delete_user_option()`.
`get_user_option()` sticks out in that it expects these parameters in reversed order, which just caused me some major frustration even though I had looked it up before.
To enable backwards compability, we could test which of the two parameters is an integer and then swap them if necessary (unless of course meta keys can be integers too, I have not checked that, but it seems unlikely)." mechter
Tickets Awaiting Review 37641 Support queries on `spam` and `deleted` fields in `WP_User_Query` on multisite Users 3.1 normal normal Awaiting Review enhancement new has-patch 2016-08-12T09:54:11Z 2016-08-18T15:18:15Z The users database table on multisite contains two additional fields `spam` and `deleted` which need to be queried in some cases. For example the function `wp_update_network_user_counts()` makes a direct SQL query at the moment, but that could be improved if `WP_User_Query` supported these fields (only on multisite that is). flixos90
Tickets Awaiting Review 40149 WordPress password strength checking is improved, but the hint now doesn't help Users 4.7.3 normal normal Awaiting Review enhancement new has-patch 2017-03-14T00:37:07Z 2017-09-27T01:34:33Z "WordPress 4.7 has vastly improved password strength checking.
This is great.
However, the password hint function wp_get_password_hint() provides information that's essentially contradicting the approach that the password checker uses.
Mind that the check tool now used (built by someone at Dropbox) takes into account that (for instance) random word phrases are easy to remember as well as difficult to crack, while using upper/lowercase and letter->digit substitution are easy to crack while being more of a hassle to remember.
Ref also the famous XKCD cartoon on this topic: https://xkcd.com/936/
What does the WP Core default string read?
{{{
'Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! "" ? $ % ^ & ).'
}}}
Yes we can override this using the 'password_hint' filter, however I think it'd be great to provide a better base text for default installs.
Proposed new text:
{{{
'Hint: longer is stronger (at least 12 characters), and consider using a sequence of random words (ideally non-English).'
}}}
" arjenlentz
Tickets Awaiting Review 37338 add filter in get_data_by Users 4.5.3 normal normal Awaiting Review enhancement new 2016-07-12T10:45:06Z 2016-07-12T10:45:06Z "Basically I need to encrypt user_email field in the database,
I can enrypt them using following filters:
`email_change_email`
`pre_user_email`
now what i need is to decrypt them when getting retrieved from database,
as far as I say in the core, this may be done by applying a new filter in `wp-includes\class-wp-user.php#get_data_by( $field, $value )` method, right before this line
`update_user_caches( $user );` (LN:239)
for this to work, `$value` needs to be filtered based on `$field` as well (cause this is the value that sits in the query in `Line# 235`, so I think three filters in `Line# 207` switch branches should do the trick.
" muhammadn
Tickets Awaiting Review 26962 in wp-admin/profile.php no restoration filled if an error occurs fields. Users 2.0 normal normal Awaiting Review enhancement new 2014-01-30T11:55:59Z 2015-10-03T23:37:05Z "I just saw that if the fields are filled and that we delete such a required fields (or causing an error in the syntax of email for example), no mechanism is in place to restore the information specified by the user, everything is reset.
This mechanism is however in place in the ""wp-admin/user-new.php"" when we disable javascript." QuarkSEO
Tickets Awaiting Review 40518 multisite users table should use user's ID to get the avatar Users 4.7.4 normal normal Awaiting Review enhancement new 2017-04-21T18:51:08Z 2017-08-24T17:31:19Z "In class-wp-users-list-tables.php, the get_avatar() uses WP_User 's ID.
{{{#!php
ID, 32 );
// Comma-separated list of user roles.
$roles_list = implode( ', ', $user_roles );
$r = ""

"";
}}}
(around line 438)
However, in class-wp-ms-users-list-table.php, the get_avatar() uses WP_User 's email address.
{{{#!php
user_email, 32 );
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
echo $avatar;
}}}
(around line 238)
In my opinion, class-wp-ms-users-list-table.php should have the same behaviour. And we have already known that the user has been registered. So we should better use the User's ID." mc256
Tickets Awaiting Review 27377 profile_update action with old_user_data should include the additional_user_keys data? Users 2.7 normal normal Awaiting Review enhancement new 2014-03-12T14:41:52Z 2015-10-03T23:32:17Z "Currently, when a users profile is updated, the `profile_update` action is called with the $user_id and $old_user_data as parameters.
$old_user_data is an object containing only the basic WP_User fields, but none of the additional user keys (first_name, last_name, etc. are not part of this object)
It would be nice if $old_user_data actually contained all (WordPress defined) userfields.
That way, one could for example write a plugin to email changes to an administrator, but only when there actually was a change!
Relevant code is in `wp-includes/user.php`, the `wp_insert_user()` method.
" joostdekeijzer
Tickets Awaiting Review 23430 sanitize_user() disallows + in usernames causes problem for email as username Users 3.5.1 normal minor Awaiting Review enhancement new has-patch 2013-02-09T08:48:31Z 2015-08-28T02:11:02Z "I want to use email addresses as usernames which seems to work fine, except sanitize_user() doesn't allow a + in the username and my email addresses have + in them.
Google/gmail allows one to use a + modifier on emails like so:
user+admin@gmail.com, user+editor@gmail.com, user+author@gmail.com, etc...
I often use this to get around WordPress's requirement for unique email addresses but it's also intended for and useful in filtering: user+blog1@gmail.com, user+blog2@gmail.com, etc...
Is there a reason we can't allow +'s in usernames or could it be moved to the strict case only?
See formatting.php:892
" jb510
Tickets Awaiting Review 43273 set users_can_register to 0 by default Users trunk normal normal Awaiting Review enhancement new 2018-02-09T17:40:35Z 2018-02-09T20:01:56Z "People are abusing the new-user-registration form of wordpress to send (single) unwanted emails from a large amount of websites to someone they want to inconvenience.
For more info on this ""trolling"" technique have a look at this article:
https://www.wired.com/story/how-journalists-fought-back-against-crippling-email-bombs/
In my experience (support at a few different webhosting companies) the user registration feature is not used by the majority of users, however it causes a few negative effects when it is left '''on''' by default.
Negative effect 1: People get spammed, see the article from wired for more explanation.
Negative effect 2: The databases of the websites that are abused in this way are filled with (inactive) fake users. In my relatively small sampling this was between 1.000 and 6.000 fake users. This database pollution is unwanted.
Negative effect 3: The recipients of these emails mark them as spam, this gives the mailservers used for sending these emails a bad reputation, this in turn makes it more likely that other (wanted) emails are going to be rejected.
Setting the users_can_register value in the database to 0 by default seems like a really easy way to quickly solve this issue for practically all new WordPress sites from here on out.
Maybe a fix can also be proposed for fixing this for existing sites as well, for example switching it to 0 in a single update." kingannoy
Tickets Awaiting Review 24972 wp_dropdown_roles() multiple pre-selected options Users 3.6 normal normal Awaiting Review enhancement new has-patch 2013-08-06T18:24:31Z 2017-09-27T20:48:15Z "Hi,
I would like to suggest a patch to wp_dropdown_roles() to enable multiple pre-selected options.
Below you'll find the diff and the full featured function.
I'm not sure whether Trac is the right place to put this. If not, please let me know how to procede
{{{
diff -r e185f8cbbec5 wp-admin/includes/template.php
--- a/wp-admin/includes/template.php Tue Aug 06 11:50:50 2013 +0100
+++ b/wp-admin/includes/template.php Tue Aug 06 19:11:37 2013 +0100
@@ -751,9 +751,19 @@
/**
* Print out

"";
}
echo $p . $r;
}
}}}" PauloASilva
Tickets Awaiting Review 22310 wp_insert_user bit ilogical with rich_editing Users 4.9.5 normal normal Awaiting Review enhancement new 2012-10-30T09:08:56Z 2018-05-12T18:51:54Z "when you do wp_insert_user with rich_editing = TRUE it actually set rich_editing to ""1"" what is then interpreted as FALSE. I know (after searching why it does not work for me), that for actually setting true you need to set rich_editing to empty value, but anyway i think it is not optimal" thomask
Tickets Awaiting Review 39067 wp_insert_user custom validation Users normal normal Awaiting Review enhancement new has-patch 2016-12-04T19:29:02Z 2016-12-23T13:36:54Z "Currently there are no hooks in wp_insert_user where plugin can hook to validate any custom validation and prevent to insert/update user.
If there can be added a hook before insert/update user to database, that will be very helpful for custom validation.
sample code can be following
{{{#!php
$custom_user_validate = apply_filters( 'custom_user_validate', false );
if ( is_wp_error( $custom_user_validate ) ) {
return $custom_user_validate;
}
}}}
" shamim51
Tickets Awaiting Review 41950 wp_insert_user() should accept a meta_input argument Users 2.0 normal normal Awaiting Review enhancement new 2017-09-22T02:58:33Z 2017-09-22T03:01:52Z "`wp_insert_user()` does insert user meta, but only meta generated by the function (`nickname`, `first_name`, etc.), or added to that list by using the `insert_user_meta` filter.
It would be nice to be able to pass the additional meta to the function when called, like in `wp_insert_post()`." desrosj
Tickets Awaiting Review 39787 wp_list_authors can be optimize Users 4.8 normal normal Awaiting Review enhancement new 2017-02-05T01:52:55Z 2017-02-05T01:52:55Z "May be i don't understand but look at this line
https://core.trac.wordpress.org/browser/tags/4.7/src/wp-includes/author-template.php#L392
{{{#!php
392 $author = get_userdata( $author_id );
}}}
Why we should call `get_userdata()`? At top we call `$authors = get_users( $query_args );` and can return display_name and user_nicename in next foreach section without `get_userdata()`.
And will be nice add filter by role. Because wp_list_authors means authors not subscribers or editors.
" alexufo
Tickets Awaiting Review 37976 wp_users deleted but warning does not appear. Users 4.7 normal normal Awaiting Review enhancement new 2016-09-07T21:19:43Z 2016-09-08T03:43:18Z "Hi,
Shortly before for to try I deleted wp_users but warning does not appear.
Wp-admin entered new user create form or warning appear needed.
Thanks" truser
Tickets Awaiting Review 36368 Add `access_admin` capability Users normal normal Awaiting Review feature request new dev-feedback 2016-03-29T13:55:09Z 2016-09-16T10:41:32Z "Many, many plugins do various types of checking of capabilities the determine if a user should ''really'' have the ability to view the WordPress admin. It's very common to prevent that from happening.
Within WordPress's roles and capabilities, there are many checks that have something to do with the admin, like `edit_posts` and myriad others, but there isn't one that's an explicit `admin_access` check.
Even a Subscriber role sees the toolbar by default, only to be able to edit their profile and see WordPress news, the activity widget (and Akismet stats btw) once they log in. I can't imagine many scenarious where this is truly wanted by site administrators -- for lower level users to even know what CMS the site uses, much less view the admin.
I'd love to see `admin_access` or a similar capability enabled in core. I think for backward compatibility reasons, it may have to be set to `true` for all roles by default, but at least plugins would have a standard capability to flag for disabling it.
It'd also be nice as a ""Reading"" option for the site owner to choose roles that should have access to the admin and would trigger this capability -- but that's probably wishing too much from a core standpoint.
@drewapicture has a plugin called [https://wordpress.org/plugins/remove-dashboard-access-for-non-admins/ Remove Dashboard Access] that has a [https://cloudup.com/cn67XAgAIop pretty thorough UI], if folks were interested in taking this the next step, but I'd rather focus on the capability itself as the primary mission of this ticket.
To me this is a new user experience issue and would make for a very helpful flag for plugin authors, at a minimum." krogsgard
Tickets Awaiting Review 34821 Allow creating users without an email address Users 4.3.1 normal normal Awaiting Review feature request new 2015-12-01T16:33:55Z 2015-12-02T04:16:49Z "My current use case is kind of a family history website. It would be nice to get every family member an account, but some don't even have an email address and it is not necessary anyway, or is it?.
Several workarounds have been suggested on several forums, including (A) fake emails, (2) the ""Allow Multiple Accounts"" plugin for using one email for all and (3) some hackery that I wouldn't want to try. ;)
[https://wordpress.org/support/topic/add-user-without-email-adress]" stevenbauers
Tickets Awaiting Review 41051 Confirm use of weak password Field show when removed password Users 4.8 normal normal Awaiting Review feature request new has-patch 2017-06-15T05:29:04Z 2017-08-10T13:12:44Z "Need to change jquery when password not exits hide ""Confirm use of weak password"" checkbox value.
[[Image(http://imgur.com/a/Pmwe7)]]
" ravipatel
Tickets Awaiting Review 34615 Make it possible to disable a user account Users normal normal Awaiting Review feature request new 2015-11-07T17:38:43Z 2016-11-08T20:20:38Z "There should be a possibility to flag a user account as ""disabled"". A disabled user should
1. not be able to log in to WordPress anymore, and
1. not receive any email notifications (e.g. comment notifications) anymore, but
1. all the posts he wrote should still be assigned to him.
This is useful in the case that an author or editor of a WordPress blog leaves the company and they would like to delete his user account. However, if they did, they'd have to delete all his posts or assign them to another user.
[http://9seeds.com/tech/how-to-disable-wordpress-user-accounts/ This blog post] lists some possible workarounds, but none of them satisfies all three requirements stated above." thomaswm
Tickets Awaiting Review 41931 Not possible to add custom display_name option Users 4.8.2 normal normal Awaiting Review feature request new has-patch 2017-09-20T15:42:28Z 2017-09-20T16:28:26Z "In The Netherlands we do have insertion names, to be placed in between the first and last name. It is possible to add a custom field during registration, but in order to give the user the option to include the insertion name in his display_name, a core modification is necessary.
Hereby the request to add a line to wp-admin/user-edit.php at line 422:
{{{#!php
Settings, or to filter `'wpmu_validate_user_signup'` and remove the error messages.
Having to manually change settings for this purpose is pretty hackish. The filter method works, but my experience (from consulting with a fairly large number of MS network admins) is that this is a pretty common use case, so it seems like it should be supported by default.
So I'm proposing that the domain checks be skipped when `is_super_admin()`. Patch attached." boonebgorges
Candidates for Closure 34316 User status inconsistent between single-site & multisite Users 1.5 normal normal Awaiting Review enhancement new needs-unit-tests 2015-10-15T19:00:15Z 2017-09-27T15:30:10Z "The way a user's status is defined in WordPress differs between single-site and multisite:
* In single-site, the `user_status` column is used
* In multisite, there are two additional columns for `spam` and `deleted`
Not only this, but the `update_user_status()` function is multisite only, and the `user_status` column is an integer without an API to help announce what values equate to what results.
On the plus side, user statuses aren't really ever used in core. Marking users as spammers in multisite installations is the only real benefit of this feature as it exists today. I'd like to propose the following:
* Stop creating the the `spam` and `deleted` columns in `wp_users` on new installations
* ALTER the `user_status` column from `INT(11)` to `VARCHAR(20)` ala `wp_posts`
* A bevy of `wp_register_user_status()` like functions to introduce bonafide support for them
* A database upgrade routine to move user status `0` to `active` and `1` to `spammer`
* A new index on the `wp_users` table for the updated `user_status` column type. We may need a few, based on how users are commonly queried in core, BuddyPress, etc...
* Update the `WP_User` and `WP_User_Query` classes to suss out any `user_status` inconsistencies
A few considerations worth noting:
* Large installations would need to manually perform these DB upgrades. I'm embarrassed to say I've personally frozen WordPress.org for several minutes years ago by missing a `DO_NOT_UPGRADE_GLOBAL_TABLES` check on the `wp_users` table
* Several plugins use their own values in the `users_status` column, assuming their numeric ID is unique and special. The authors of these plugins would need notifying, and their code updating to support the above ideas
* This work *could* parlay into the Post Status API that's on infinite back-burner. There are some really excellent ideas floating around about how `post_status` could work that would translate nicely to users, too" johnjamesjacoby
Candidates for Closure 34927 user_url and user_email length too short Users normal normal Awaiting Review enhancement new dev-feedback 2015-12-09T06:26:38Z 2018-05-14T19:32:04Z "I have been adding users to my client's site with no issues, until I got to a user with a .edu email address. I add the user details as normal. Click the Add New User button and get the message ""New user created"". No error message at all. But the user has not been created. I tried 3 times, same result. I have turned off all plugins and changed to the wordpress default theme (2015). Same issue.
What I expect to happen: When I add a user I expect them to be added to the Users list.
What happens: when I add a user with a .edu email address, there is no error message, I get message ""New user created"", but the user is not in the user's list. These users should also appear in the Author drop down in posts (because they are added with Author role), but the new user does not appear in the Author dropdown eiither.
Using Firefox 42.0 on Mac OS X Yosemite.
Same issue happens with Safari 9.0.1 on Mac OS X Yosemite. " DonnaMiller
Candidates for Closure 43886 "Chrome autofills password over ""new password"" field when updating user." Users trunk normal normal Awaiting Review feature request new dev-feedback 2018-04-27T21:25:28Z 2018-04-27T21:26:05Z "Chrome, the wonderful browser that it is, is super helpful.
When editing a user (even your own), and attempting to update the password with a nice strong one, Chrome will (helpfully) insert *your* old password into the new password field, right when you click update. (You can tell, because the length of the password will change to your passwords length).
Incognito Mode fixes it, apparently, and uninstalling Chrome in favor of Firefox seems to work too.
From what I've been able to guess, it's because of Chrome's unique implementation of completely ignoring `autocomplete=""off""` https://bugs.chromium.org/p/chromium/issues/detail?id=370363#c7 and suggests `autocomplete=""new-password""` instead.
Alternatively, `` could possibly work. https://stackoverflow.com/questions/15738259/disabling-chrome-autofill
It does seem to make sense to disable autocomplete completely on the edit-user form, since it's not actually useful to fill in some random user's info with info from your browser...especially passwords...despite what Chrome seems to believe." WraithKenny
Candidates for Closure 35920 Function to check if user has a gravatar account Users normal normal Awaiting Review feature request new close 2016-02-23T13:48:22Z 2016-04-05T06:26:04Z "Something like {{{has_gravatar}}} would be a good function/conditional to check if the user has a Gravatar account otherwise you could set a fallback using code.
Ar present, the only way is to use all this code https://codex.wordpress.org/Using_Gravatars#Checking_for_the_Existence_of_a_Gravatar" wordpresssites
Candidates for Closure 37921 "Make ""newbloguser"" URL segment customizable/filterable" Users normal normal Awaiting Review feature request new dev-feedback 2016-09-02T16:25:45Z 2016-09-02T16:36:18Z "The built-in multisite user invitation URL is forced into using `/newbloguser/` as the invitation endpoint to all sites. When employing WordPress Multisite in an environment that isn't for blogging, this endpoint does't make much sense.
Because this value is hardcoded, the only way to change this is to roll your own invitation system entirely, which is a lot of work for a little bit of vanity.
I don't think the invitation system itself is too bad, and it will be easy to make this segment filterable." johnjamesjacoby
Tickets Needing Feedback 16020 Upload custom avatar for user in Dashboard nacin Users normal minor Future Release feature request reviewing dev-feedback 2010-12-29T08:07:53Z 2018-04-09T14:04:54Z It would be nice to be able to upload a custom avatar for a user in the WordPress Dashboard rather than making each user sign up for a Gravatar account and upload the image to that account. computerwiz908
Unpatched Enhancements 33542 User preferences API idea Users normal normal Future Release feature request new dev-feedback 2015-08-25T15:39:53Z 2017-02-05T22:49:03Z "When setting up a new site, many site Settings seem at first like user preferences even though they aren't. For sites with 1 user blogging out to the world, this makes sense, but for more robust installations a single set of site settings does not satisfy all users.
I'd like to propose a user preferences API be invented. This API would consist of a series of functions that connect usermeta to site & network options, and when invoked, will traverse the user/site/network hierarchy and use the first available setting. Something like:
{{{
$language = wp_get_user_preference( $user_id, 'WPLANG' );
}}}
Imagine then, that `wp_get_user_preference()` would first look in `wp_usermeta`, then in `wp_options` and then in `wp_sitemeta` if multisite. This is obviously a fuzzy example, and there are less obvious caveats (like what to do when usermeta keys do not match option keys, etc...) which can all be conditionally addressed as we poke holes in the idea.
----
Here are a few settings that could be candidates, taken from their verbiage in various administration screens:
General
* Timezone
* Date format
* Time format
* Start of week
* Language
Writing
* Formatting
* Default Post Category
* Default Post Format
Reading
* Blog pages show at most
* Syndication feeds show the most recent
Discussion
* Default article settings
* Email me whenever
* Avatar Display" johnjamesjacoby
Tickets Needing Feedback 16484 "Attempting to add user with username ""0"" gives fatal error" Users 3.1 normal normal Future Release defect (bug) new dev-feedback 2011-02-07T19:45:17Z 2015-05-09T00:25:50Z "Create a new user. Use the number 0 as the username. Receive this error:
> Catchable fatal error: Object of class WP_Error could not be converted to string in /Users/mark/Sites/wp/wp-includes/formatting.php on line 2818" markjaquith
Tickets Needing Feedback 23361 "Deleting a user in Network Admin still defaults to ""Delete all posts""" Users 3.5 normal normal Future Release defect (bug) new 2013-02-01T19:02:55Z 2018-05-14T16:34:28Z "Background: #20045, #23224
We should either do what those tickets suggested in Network Admin as well for consistency, or redo/remove the form, since the attribution only works for the main site, as noted in [comment:ticket:20045:14]." SergeyBiryukov
Tickets Needing Feedback 16833 Signup mechanism shortens usernames without warning Users 3.0 normal normal Future Release defect (bug) new dev-feedback 2011-03-11T15:09:23Z 2017-07-10T16:18:37Z "When a user signs up for an account on a wordpress blog, if their chosen username is longer than the limit, wordpress chops of the end of the username, without warning the user, and without offering the user the opportunity to choose again.
Steps to reproduce: Go to a wordpress blog, sign up with a long username, and read the confirmation email. An example: forum.xbmc.org, which has a limit of 15 characters." hughcharlesparker
Tickets Needing Feedback 15861 Sorting users by post count Users normal normal Future Release defect (bug) new dev-feedback 2010-12-17T10:21:24Z 2015-10-13T02:24:13Z "Currently, to enable sorting by post count, there's a JOIN made between the users table and the posts table.
This is bad, because users is a global table, which might be stored in a separate database.
Short-term solution for 3.1 is to disable sorting.
Long-term solution is to avoid the JOIN somehow. " scribu
Tickets Needing Feedback 9640 wp_update_user() blindly calls add_magic_quotes(), even on objects Users 2.8 normal normal Future Release defect (bug) reopened dev-feedback 2009-04-24T18:14:53Z 2015-05-05T22:44:47Z "If there's an object stored in usermeta, then the call to add_magic_quotes() will lead to an error in wpdb::escape():
{{{
Catchable fatal error: Object of class stdClass could not be converted to string in /web/ven/wp-includes/wp-db.php on line 472
}}}
http://core.trac.wordpress.org/browser/trunk/wp-includes/registration.php
See also #9638. The two problems are related, but probably need to be solved independently. " misterbisson
Tickets Needing Feedback 15145 Add a wp_list_users() template tag Users 3.1 normal normal Future Release enhancement new dev-feedback 2010-10-18T11:03:34Z 2018-02-28T21:50:45Z "Now that `get_users()` has been implemented (#14572), I propose we add a function called `wp_list_users()` that handles a basic list of users similar to `wp_list_authors()`. WordPress has long needed a function for handling this.
The arguments for the function would simply be the same arguments used for `get_users()`. The `wp_list_users()` function would basically be a function for outputting the HTML. The function should also have the ability to link to the user's archive page and output a link to the user's RSS feed.
This would make it easy for theme developers and users to be able to create a users list without a lot of PHP work.
An alternate idea might be to push a few more arguments into the `wp_list_authors()` function, but I don't think that's the best route to go since its primary function is to list users that have written posts." greenshady
Tickets Needing Feedback 22921 Allow get_users() to return array of values via 'fields' parameter Users 3.5 normal normal Future Release enhancement new dev-feedback 2012-12-13T17:39:24Z 2015-12-03T19:56:05Z "Currently, the `'fields'` parameter in the arguments array for `get_users()` only accepts either an array of user data fields, or the string `'all'`. Both of these options cause `get_users()` to return an array of object comprised of the specified user data. Passing any other string value to `'fields'` causes `get_users()` to return an array of user IDs.
Per the Codex:
> Array of objects, '''except when fields specifies a single field to be returned, then an array of values is returned'''. If fields is set to all_with_meta, it will return an array of WP_User objects.
This statement appears to be untrue, but would be incredibly useful if it were true.
Patch adds this functionality to `get_users()`.
Potentially related: #18581" chipbennett
Tickets Needing Feedback 11297 Don't email the admin when they create a user from the backend Users 2.9 low minor Future Release enhancement new dev-feedback 2009-12-01T12:05:31Z 2015-12-11T18:56:57Z "I just created the user myself. I already know I did it. I don't need to be told again.
Emails should only be sent to the admin when a user registers themselves (if that is enabled). They shouldn't be sent when the admin manually creates a new user." caesarsgrunt
Tickets Needing Feedback 36656 Improve UX on Add New User screen Users normal normal Future Release enhancement new 2016-04-24T17:03:48Z 2017-12-03T19:46:43Z "While working with Multisite recently, I noticed that the Add New User screen can be quite cumbersome to work with.
The screen currently serves two purposes:
1. Add existing user to site
2. Create a new user and add them to the site
It may make sense to have two different forms for that, but these are currently nearly identical, leading to user confusion. Here's an example:
[[Image(https://cldup.com/FSMdB2Gtdp.png)]]
I'd love to improve the UX on this screen, ideally by combining these forms and then use some JavaScript to conditionally display/hide the email field only needed when creating a new user. Alternatively, tabs could be leveraged to have each form on a separate page.
Thoughts?
Note: I also wrote a simple proof-of-concept plugin called [https://wordpress.org/plugins/simple-user-adding/ Simple User Adding] that could be used as a playground for this enhancement." swissspidy
Tickets Needing Feedback 33209 Inviting a new user to Multisite results in password being emailed Users normal normal Future Release enhancement new dev-feedback 2015-07-30T22:16:59Z 2018-02-17T07:22:52Z "If you add a new user from a site users page (NOT the network one, {{{/sitename/wp-admin/user-new.php}}} ) the flow results in a password being emailed in plaintext.
1) Add new user
2) New user gets email to activate
3) Activate link (ex. {{{example.com/sitename/wp-activate.php?key=5324e8cf2cef143b}}} ) shows the new password
4) The following email is sent:
{{{
Howdy anotherstenu,
Your new account is set up.
You can log in with the following information:
Username: anotherstenu
Password: 78HoBi6oFSf9
http://local.multisite-pre.dev/blarg/wp-login.php
Thanks!
--The Team @ Multisite Naked Sites
}}}
Whoops.
It looks like this can be fixed for new sites by updating wp-includes/ms-functions.php, however this is set in the database on Network Activation, which means even changing core doesn't update the myriad sites who are merrily emailing out passwords because this is set (wp admin -> Network settings -> Welcome User Email)
{{{
Howdy USERNAME,
Your new account is set up.
You can log in with the following information:
Username: USERNAME
Password: PASSWORD
LOGINLINK
Thanks!
--The Team @ SITE_NAME
}}}
The attached patch addresses new setups and doesn't break existing ones since I'm really not sure what's best here. I want to say we should edit everyone's DB and change the above block to this:
{{{
Howdy USERNAME,
Your new account is set up.
Username: USERNAME
To set your password, visit the following address:
Thanks!
--The Team @ SITE_NAME
}}}
However there are myriad people who have customized that simply because they can, and I fear the damage of breaking them." Ipstenu
Tickets Needing Feedback 12295 More support to customize user profile edit page nacin* Users 3.0 normal normal Future Release enhancement accepted dev-feedback 2010-02-19T21:14:01Z 2015-02-02T10:34:43Z "Right now I can edit the contact methods via the user_contactmethods filter, but I can not modify or remove the Personal Options or the Name Options.
I want to keep the interface as simple as possible for my users, and I don't think that they need to edit this settings at all.
If wp wants to be a cms, it should give me control over this aspect as well.
At least, give me custom css-ids, so I can remove it via css!" pampfelimetten
Tickets Needing Feedback 12682 Multiple password reset emails can be annoying Users 2.9.2 normal normal Future Release enhancement assigned dev-feedback 2010-03-23T15:51:01Z 2015-10-08T17:49:19Z "There's a security flaw mentioned in #10006: an attacker can bother users with password reset emails.
The problem was reported on support forums by a user receiving hundreds of these emails. He proposed to introduce some kind of a timeout for password reset requests. Is it possible?" SergeyBiryukov
Tickets Needing Feedback 18162 Bulk action: Add multiple users to a site Users 3.2 normal normal Future Release feature request new 2011-07-18T19:09:31Z 2018-02-26T17:51:38Z "Currently, to add a multiple users to a single site, the super admin has to edit each site, look up each username, and add new users to the site one by one.
To improve this workflow, it would be useful to be able to select which users to add from a table of users and add those users in bulk.
This ticket could have scaling problems to solve." danielbachhuber
Tickets Needing Feedback 18161 Bulk action: Add user to multiple sites Users 3.2 normal normal Future Release feature request reopened 2011-07-18T19:07:04Z 2017-07-25T01:05:56Z "Currently, to add a single user to multiple sites, the super admin has to edit each site, add the user to the site, and then go on to the next site.
To improve this workflow, it would tremendously useful to be able to add a single user to multiple sites in the network admin.
This ticket could have scaling problems to solve." danielbachhuber
Tickets Needing Feedback 14460 New Permission for no_user_edit so users with edit_users can't edit it Users 3.0 normal normal Future Release feature request new dev-feedback 2010-07-29T23:28:18Z 2015-12-03T19:35:24Z "I recently experienced a problem where I have an administrator role with full access and a site administrator role with most access including the ability add, edit, and delete users. However, I don't want the Site Administrator to be able to delete users of the role Administrator.
The change I'm proposing is a new permission or marker which states that if enabled, this user can't be changed by another user who isn't the same role. If possible, I might try to add the patch myself.
This is a fairly important issue which would is interfering with WordPress' use as a content management system, and the only work around I've found is to edit core file." brandon.wamboldt
Tickets with Patches 36341 Add a note about the 'init' hook to the DocBlock for get_current_user_id() Users normal normal Future Release defect (bug) assigned has-patch 2016-03-25T22:47:15Z 2018-02-09T16:44:54Z DrewAPicture
Tickets with Patches 36508 Call cache_users() when 'fields'=>'all' in WP_User_Query boonebgorges Users normal normal Future Release defect (bug) reviewing has-patch 2016-04-13T12:07:32Z 2016-08-31T21:55:59Z "Because roles and caps are populated (r32001), which is a meta call, we should proactively call `cache_users()` and pre-empt dozens of unnecessary meta SELECTs.
cc @boonebgorges " danielbachhuber
Tickets with Patches 31127 Can't add a new user to two sites before they've accepted their account jeremyfelt Users 3.0 normal normal Future Release defect (bug) assigned needs-unit-tests 2015-01-25T18:57:47Z 2016-04-26T16:25:44Z "In multisite, when adding a new user to a site, the user account isn't created immediately. Their info is stored in the `wp_signups` table until the user checks their email and clicks their sign-up acceptance link.
If an admin attempts to invite the user to a second site before the person has accepted their user account for the first, they'll get this message:
> That username is currently reserved but may be available in a couple of days.
> That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing." ericlewis
Tickets with Patches 15001 Duplication and incompatibilities in register_new_user() and wp_insert_user() Users 3.0 normal normal Future Release defect (bug) new needs-unit-tests 2010-09-30T19:16:11Z 2015-10-03T21:00:34Z "As a result of [12778], the commit of a patch that was part of #11644 (the MU-merge ticket), `wp_insert_user()` was modified to introduce user verification checks. The addition of these checks also introduced a number of duplications and incompatibilities between it and `register_new_user()`. (Bear in mind that `register_new_user()` calls `wp_create_user()` which calls `wp_insert_user()`.)
These issues include:
* Duplication (both run-time execution and code): both functions perform `username_exists()` and `email_exists()` checks. Ideally, we should only perform each check once, and from a single piece of code.
* Whereas both functions perform `username_exists()` and `email_exists()` checks, `register_new_user()` performs more checks (empty_username, invalid_username, empty_email, invalid_email). If the former 2 are being checked, all 6 criteria should be checked.
* `wp_insert_user()` can now return a WP_Error object, but `register_new_user()` can't handle it (I reported this in #14290)
* `register_new_user()` generates a new generic error if `wp_create_user()` (via `wp_insert_user()`) returns an error (assuming proper patch #14290), rather than passing along the more specific error it was told about
If an error is returned by `wp_create_user()`, `register_new_user()` throws a generic 'registerfail' error (`'ERROR: Couldn’t register you... please contact the webmaster !'`). However, most likely it received a more informative WP_Error object.
* `register_new_user()` allows errors to be suppressed via filters, but `wp_insert_user()` does not
`register_new_user()` has the filter 'registration_errors' which allows plugins to suppress any encountered errors. Having done so, `register_new_users()`'s subsequent call to `wp_create_user()` can generate an error (of the type already suppressed) which is then un-suppressable. This renders the 'registration_errors' filter useless for the username_exists and email_exists errors (and possibly other in the future).
----
These different issues may warrant separate tickets, but cumulatively I think they point to the need to refactor `register_new_user()` and `wp_insert_user()` to be more efficient and compatible.
This is a rare instance where I don't include an immediate patch for a ticket, but I wanted to get it out there and see if we can try and get these fixed for 3.1.
" coffee2code
Tickets with Patches 26805 Email with Apostrophe May Not Update in Multisite Users 3.8 normal normal Future Release defect (bug) new has-patch 2014-01-10T07:40:41Z 2016-02-02T02:00:20Z "From what I understand, an apostrophe is allowed in an email address before the @ sign.
The is_email function does not validate this and fails, returning false if there is an apostrophe" contrid
Tickets with Patches 20774 Flagging a user with any role on a subsite as spam leads to flagging the site as spam Users 3.0 normal major Future Release defect (bug) new has-patch 2012-05-29T12:25:52Z 2016-09-22T07:25:55Z "Hi,
Since many weeks, many WangGuard users were contacting me because they say WangGuard were flagging the sub sites as spam.
Thats not a WangGuard bug, is a WordPress issue.
Steps:
- Create a Subsite, you can add the Super Admin like site admin.
- Add a user like subscriber.
- Flag that user as spam in /network/users.php
That site will be flagged as spam although the owner were the Super Admin.
I think WordPress has to look for the user rol and only flag the sub site as spam if the rol is Administrator.
This issue is in WP 3.3.1 and 3.4" j.conti
Tickets with Patches 16293 In multisite installs, users with id 1 can't be deleted Users normal normal Future Release defect (bug) reopened has-patch 2011-01-19T00:21:34Z 2017-01-19T22:57:12Z "You can't delete a user with user id of 1.
See: source:trunk/wp-admin/network/edit.php@17326#L359" PeteMall
Tickets with Patches 30175 In multisite, on a site with only subscribers, wp_dropdown_users returns empty string jeremyfelt Users normal normal Future Release defect (bug) assigned has-patch 2014-10-29T16:57:07Z 2016-04-21T19:42:11Z "This becomes a problem when editing posts on sites with no capable users. Technically, an empty string is the expected result, as the site has no users with adequate capabilities to assign as the author of a post. (I'll propose 1 solution in a comment below.)
To duplicate:
* Setup multisite
* Create a second site
* Add a user to it as a Subscriber
* Remove yourself from that site, if necessary
* Edit the ""Hello World"" post
* Notice the ""Author"" metabox is empty" johnjamesjacoby
Tickets with Patches 17905 Multisite doesn't delete a user's posts/links upon removal jeremyfelt Users 3.0 normal normal Future Release defect (bug) assigned has-patch 2011-06-27T12:59:43Z 2015-10-13T03:04:49Z "When the ""Delete all posts and links."" radio is selected all that happens is the user is deleted but their posts are left in tact but without a visible user. The posts should be moved to trash as well.
This is caused by removal from the blog in `network/edit.php` before the user is actually deleted where trashing of posts occurs. Since the user no longer has any assigned blogs wpmu_delete_user() doesn't call wp_delete_post().
Patch attached also cleans up confirm_delete_users slightly by using the array passed as an argument instead of $_POST['allusers'].
Related: [13918]" duck_
Tickets with Patches 31746 get_blogs_of_user() can be very slow when a user is a member of thousands of sites johnbillion Users 3.0 normal normal Future Release defect (bug) reviewing has-patch 2015-03-24T02:19:45Z 2016-09-27T16:44:27Z When a user belongs to thousands of sites, the array of `$blogs` can become rather large. Considering get_blogs_of_user is called in many places on every page-load when a user is logged in, Some optimization should happen here. Not counting the multisite admin pages, `get_blogs_of_user()` is called from the functions `is_user_member_of_blog()`, `get_dashboard_url()`, and `WP_Admin_Bar::initialize()`. I propose the results of the function to at least be stored to a static variable to prevent multiple lookups to the same information. I also propose that a pre-fetch filter (pre_get_blogs_of_user ?) be added so that a plugin can override that information and provide something more efficient if the need arises. jtsternberg
Tickets with Patches 14767 wp_create_user() does not check for a valid email address Users 3.0 normal normal Future Release defect (bug) new has-patch 2010-09-02T21:38:23Z 2015-09-02T01:24:54Z "When creating a new user an invalid email address (for example user@) will result in a zero-length string in the email field of the users table. If another new user is subsequently created with another invalid email address the error returned is ""This email address is already registered.""
It would be better for wp_create_user() to check if a valid email address has been given and return a more descriptive error. I attach a patch file for wp-includes/registration.php to include this functionality." mrwiblog
Tickets with Patches 40497 wp_insert_user requires user_login when ID is given Users normal normal Future Release defect (bug) new has-patch 2017-04-20T14:07:19Z 2017-05-19T14:41:50Z "When passing an array containing an `ID` key to `wp_insert_user`, the local variable `$update` is set to `true` so that various checks throughout the function can be disabled.
[https://core.trac.wordpress.org/browser/trunk/src/wp-includes/user.php#L1445 Line 1445]:
{{{
if ( empty( $user_login ) )
}}}
checks for the existence of the `user_login` key but does not include the check for `!$update`. This means that if an array of user meta to be updated is passed in with an `ID`, the array must also contain a `user_login`, otherwise a `WP_Error('empty_user_login')` will be thrown.
In the case that `ID` is passed in but not `user_login`, this exception should not be thrown as `user_login` is redundant: `user_login` can be determined from the ID, and logic earlier in the function (see lines 1411 onwards) determines that the user already exists and is to be updated." johnprestonsoapmedia
Tickets with Patches 41757 Add action inside of add_new_user_to_blog() function Users 3.0 low minor Future Release enhancement new has-patch 2017-08-30T02:26:16Z 2017-09-26T07:59:07Z "When adding a new user to a site in multisite, the full `$meta` array is passed in from the relative entry in the `wp_signups` database table, but it's impossible to do anything with it here because no action exists in this function.
* A similar action does already exist in `add_existing_user_to_blog()`.
* We could use the `wpmu_activate_user` hook, but we'd need to reconfirm if the user was added to the site again, which is not ideal because some complex blog switching may need to occur to do so
I'll attach a patch shortly that adds an action to match `add_existing_user_to_blog()`." johnjamesjacoby
Tickets with Patches 21730 More modular and reusable email validation functions Users normal normal Future Release enhancement new needs-unit-tests 2012-08-29T16:04:04Z 2015-12-17T16:04:16Z "Email validation, especially as it's handled in Multisite (most of which is verbatim from MU), is pretty messy. We have some functions like `is_email_address_unsafe()` for checking banned domains, but we don't have a parallel function for checking against limited_email_domains. There are no filters outside of `wpmu_validate_user_signup`, which means that if you want to use email validation outside of the normal MS registration workflow and want to tweak the way that it works (see eg #15706, #20459), you pretty much have to roll your own. And there's no single function that a plugin like BuddyPress can use to do all relevant email checks in one fell swoop.
The attached patch suggests the following changes:
- Put the limited_email_domains check into a function, `is_email_address_allowed()`.
- Put filters on the output of this new function as well as `is_email_address_unsafe()`.
- Introduce function wp_validate_email_address(), which wraps the following four checks: is_email(), email_exists(), is_email_address_allowed(), is_email_address_unsafe().
- Rearranges `wpmu_validate_user_signup()` a bit so that all email checks (as opposed to username checks) happen together.
I'm not married to anything in this particular implementation (the way that wp_validate_email_address() sends back error messages is not particularly beautiful, but I didn't want to introduce a ton of overhead), but I would really like to see some sort of treatment along these lines, to make things more modular and reusable.
If something like this gets approved by the devs, I would like to further suggest the following:
- Give a similar treatment to username validation
- Move the generic validation functions out of ms-functions.php (with function_exists() checks on the MS-specific stuff)
I'm happy to work more on this kind of patch, but didn't want to go too far in case it's a non-starter for some reason." boonebgorges
Tickets with Patches 12960 Number of posts on the Users page should include drafts and pending review Users 2.9.2 normal normal Future Release enhancement new has-patch 2010-04-11T02:35:03Z 2016-09-18T17:52:59Z "The numbers of posts on the Users page currently only include published posts, which I think is not good enough. For example, I have a contributor who has only written a few drafts and submitted a few articles for review.
If I decide to delete him and base my decision on what I see on the Users page, I would probably just go with the ""Delete the user and all his posts"" option, which would delete more than I would expect." archon810
Tickets with Patches 32796 User deletion API is inconsistent between MS and non-MS Users normal normal Future Release enhancement new needs-unit-tests 2015-06-26T12:56:44Z 2015-07-05T03:25:22Z "On non-multisite, `wp_delete_user( $u )` does what you'd expect: it deletes user `$u` from the database. On multisite, the same function basically wraps `remove_user_from_blog()`; if you want to delete a user from the database altogether, you've got to use `wpmu_delete_user()`.
I understand the historical reasons behind the divergence, but it's pretty lame from a developer's point of view to have to check `is_multisite()` before removing a user from the database.
There's a note in the docblock for `wpmu_delete_user()` that says ` * @todo Merge with wp_delete_user() ?`. Maybe we could actually make this happen?
" boonebgorges
Tickets with Patches 19867 wp_dropdown_users() still not scalable Users 3.3.1 normal normal Future Release enhancement new has-patch 2012-01-20T22:04:27Z 2018-03-12T14:17:17Z #14572 made huge improvements to the performance of wp_dropdown_users(), however, on certain sites that have an unusually large set of authors, wp_dropdown_users() still isn't usable. It either causes a memory error on the server, or potentially crashes the client browser due to content size. prettyboymp
Tickets with Patches 35569 Avatar should update when email is changed swissspidy Users normal normal Future Release feature request assigned has-patch 2016-01-22T05:03:35Z 2017-02-18T22:38:27Z "Similar to how the ""Display name publicly as"" field updates automatically as you change your name, the ""Profile Picture"" field should update automatically as you change your email address.
(Also, the capitalisation on that field doesn't match the rest of the labels.)" rmccue
Unpatched Bugs 27743 """Change role to..."" omitted from bottom of users table shown to single site admin in multi-site" Users 2.7 normal normal Future Release defect (bug) assigned 2014-04-09T21:01:48Z 2015-09-30T02:06:07Z "For more background, see multisite forum discussion [https://wordpress.org/support/topic/how-can-a-multisite-site-admin-change-a-users-role?replies=6#post-5437492] where the mod thought this might be worth a ticket.
Browsing the current sources for trunk, I can see that the problem is present at line 206: [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-users-list-table.php#L206]
My personal feeling is that even for filtering controls, having them present in the line of controls at the top of tables but absent in the line at the bottom of the tables is not a good idea, but I'll concede that it's debatable.
However, I believe that for this case of showing the ""Change role to..."" bulk action at the top of the users shown to single-site admins in a multi-site network, but omitting it from the bottom of the table, where it clearly ought to be present beside the Bulk Actions control, is a bug.
The attached screenshot shows the problem (using 3.7.1). Deleting these lines from the trunk version of {{{class-wp-users-list-table.php}}} fixes the problem (tested in 3.7.1).
" sootsnoot
Unpatched Bugs 12720 Delete user and hook confusion when deleting users in Multisite Users 3.0 normal normal Future Release defect (bug) new 2010-03-26T12:42:59Z 2015-07-05T03:37:20Z "Currently:
The hook ''wpmu_delete_user'' fires when deleting user in Super Admin->Users.
The hook ''remove_user_from_blog'' when deleting user under site Users->Authors & Users.
In standard WP:
The hook ''delete_user'' is called when deleting users it should be the same in MultiSite when deleting from Super Admin->Users.
Or add new hooks and deprecate previous.
''delete_user_from_network'' for when deleting a user totally.
''delete_user_from_site'' for when deleting a user from a specific site. This is hook also then fires in non-MultiSite mode since that then corresponds to one site." andreasnrb
Unpatched Bugs 15855 Dropdown isn't shown when doing a user 'removal' jeremyfelt Users normal normal Future Release defect (bug) assigned 2010-12-16T23:38:12Z 2016-03-16T02:04:03Z "Steps to reproduce:
0. Have a MultiSite install
1. Go to wp-admin/users.php and delete a user
2. A confirmation screen appears, with only a ""Confirm"" button.
Expected behaviour:
The user dropdown is shown, asking to assing the user's posts to a different user.
Currently, you end up with authorless posts." scribu
Unpatched Bugs 16001 Invited but not activated users can get lost Users 3.0 normal normal Future Release defect (bug) new 2010-12-27T22:37:15Z 2017-08-24T17:59:45Z "Steps to reproduce:
* In ''Site Admin'', go to Users > Add New
* Add a new user
* You get a message to the effect of, said user needs to respond to an invitation.
Now the user has disappeared. There's no way for a super admin or anybody to search for that user and add her directly, or delete her, or anything like that. If the user doesn't get the email, she's out of luck: that username and email are now reserved for ""a couple of days.""" filosofo
Unpatched Bugs 17394 Network Admin -> Sites -> Users not report correctly Users 3.1.2 normal normal Future Release defect (bug) reopened 2011-05-12T14:10:29Z 2015-10-03T23:22:30Z "The Network Admin -> Sites -> Users screen does not list all users in the site. I see the symptom of this issue has been reported before, but I have found the cause (in my case anyway).
'''Example Scenario:'''
In my set up I have added plugins that add user roles: a registration plugin that adds ""Registration Admin"" and a event management plugin that adds ""Office"" and ""Committee"". I have the registration plugin installed in all sites (root and test), but the event plugin in only installed in the test site.
When I add a user to the root site, I can choose the normal roles or ""Registration Admin"", when I add a user to the test site I can choose the normal roles or any of the 3 new roles that have been added.
'''Problem:'''
When I view the list of users on the Network Admin, not all users are displayed in the list. It appears the Network Admin screen works in the context of the root site, where the event plugin is not installed. As a result, the Office and Committee roles are not available in the root site, and users of the sub-site with the those roles do not show in the user list.
The filters show the correct total number of users beside All, but the additional roles unique to the sub-site are not listed. In the sub-site Dashboard, they show correctly, and if I install the other plugin to add the Office and Committee roles to the root site they will show in the Network Admin -> Sites -> Users screen for the sub-site.
It would appear the user list for a sub-site will ignore users that are assigned a role that doesn't exist in the root site, even though they are assigned a valid role in the site displayed.
This bug is reproducible by adding roles to sub-sites.
I would a happily help with more clarification or resolving this issue as needed. I know it's not critical, but it is very frustrating when administering a large multi-site network." whiteatom
Unpatched Bugs 13569 Odd edge case with shared user tables and custom admin username during install Users normal normal Future Release defect (bug) new 2010-05-27T06:06:43Z 2015-10-07T20:23:13Z "1. In install 1, run install.php and use a custom username (NOT called 'admin') and set the e-mail to email@example.com.
2. In install 2, before installing, set up shared user tables with install 1. Then run the installer. You won't have the ability to choose usernames (that's expected). Use the *same* email.
3. Click ""Install."" You'll get hit with a WP_Error object.
What's happening? The logic in wp_install() is to do a username_exists() against the username passed to it. If the user exists, it assumes that you're using shared user tables. Problem is, wp_install() is passed 'admin' from install.php (as that's the default, and you don't see the fields when custom user tables are setup), while your user is not called 'admin'. The e-mail address is already being used for another user however, so it is creating 'admin' and is failing on the duplicate e-mail address.
If the email address doesn't match any user, I imagine you'd instead get an 'admin' user in your second install, which you could promptly delete. I see no problem with that, as the alternatives are to pick which user should become an admin.
So, the fix would be to change username_exists() and the logic that follows, and instead match the e-mail address with an existing user, and make that user the new administrator. If no user with that email exists, we create an admin user and they can tough it out.
I do not feel this is a blocker at all. The symptoms I am seeing should be the same in 2.9.2 if you removed the admin user in install 1, then proceeded to share user tables with install 2 before installing.
It'd be nice to at least prevent the fatal error and allow the install to finish, however. I do want to get to it in 3.0 if I can, since we now are allowing custom admin names. That said, setting to 3.1." nacin
Unpatched Bugs 27239 Registration email not sent (multisite subdirectory) Users 3.8.1 normal normal Future Release defect (bug) new 2014-02-28T17:59:42Z 2015-10-14T16:17:41Z "I am trying to add new user:
- wp-admin/user-new.php
When I add new user from site administration, there is no notification email sent to activate account.
- wp-admin/network/user-new.php
When I add new user from network administration, information email is sent. But then I have to add this user to specific site and there is another notification email sent. Everything works well." pavelevap
Unpatched Bugs 36405 User creation fails for users with long names. Users normal normal Future Release defect (bug) new 2016-04-03T05:49:00Z 2016-08-10T13:23:23Z "Summary: When creating a user with a long first or last name, the query that inserts the user into the DB is assumed to have succeeded, but that fact is never verified.
Sign in as an admin and create a new user, giving it the first name `ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQ` (or any 251-byte string). After submitting the form, you'll see a handful of error messages (line numbers are from trunk just now, but I can reproduce the bug as far back as 4.2.1):
{{{
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1716
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1717
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1730
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1738
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1740
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1742
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1746
Warning: Cannot modify header information - headers already sent by (output started at wp-includes/pluggable.php:1716) in wp-includes/pluggable.php on line 1171
}}}
What happens is that the `$wpdb->insert( $wpdb->users, $data + compact( 'user_login' ) );` call in `wp_insert_user()` fails, but there's no check to ensure that it succeeded, so the code proceeds to try and create a new `WP_User` with ID `0`. This results in unexpected behavior, like sending a ""New User Registration"" email to the admin with blank ""Username"" and ""Email"" values.
The failure is due to `$wpdb->process_fields()` calling `$wpdb->strip_invalid_text()`, which truncates the `display_name` field (because the `display_name` field only allows 250 bytes), and because it then doesn't match the value passed into `$wpdb->process_fields()`, it returns `false`. So this isn't so much a bug about a text string that's too long, it's really a bug about not checking the return value of `$wpdb->insert()`.
I think the resolution of #10377 is probably the same kind of approach that could be taken here, since the problems seem similar." cfinke
Unpatched Bugs 11959 Value Truncation Still Unchecked in registration.php Users normal normal Future Release defect (bug) new 2010-01-20T22:59:50Z 2015-06-19T22:38:17Z Functions such as username_exists() fail to perform sanity checks against the storage schema. As a result, it is possible to register multiple users with the same username, if the length is greater than or equal to the username field size. Only the first user can login, however anyone re-registering that username can impersonate the first user to reset their password. miqrogroove
Unpatched Bugs 38851 WP_User_Query cannot retrieve multisite users who have not been assigned a role on a site Users normal normal Future Release defect (bug) new needs-unit-tests 2016-11-18T15:11:32Z 2017-12-01T05:20:30Z "If you add a user to a multisite at network level, but do not proceed to assign them a role on a site within the network, `WP_User_Query` cannot retrieve those users (even if the query is run at network level), as they have no associated `wp_capabilities` meta_key.
To reproduce the problem:
1) Add a user to a multisite via Network Admin > Users > Add New.
2) Run a WP_User_Query at network level (e.g. by doing something like:
{{{
add_action('load-users.php', 'myAction');
function myAction()
{
$screen = get_current_screen();
if( $screen->base === 'users-network' {
$query = new WP_User_Query();
$users = $query->results;
}
}
}}}
The returned results will not include the user added in step 1. In fact, it will only return users who have capabilities set on the first site in the network, even though this query is not occurring at site level.
This could be fixed by allowing something like `'blog_id' => 'all'` in a `WP_User_Query`." robdxw
Unpatched Enhancements 18791 Add custom post type support for Author Template functions Users 3.2.1 normal normal Future Release enhancement new needs-unit-tests 2011-09-27T12:32:48Z 2015-11-01T19:23:39Z "Functions defined in `wp-includes/author-template.php` assumes that post type == post. It will be good to enhance them so they will be able to work with specified post type.
At first sight following functions will need update:
{{{
get_the_author_link()
the_author_link()
get_the_author_posts()
the_author_posts()
the_author_posts_link()
get_author_posts_url()
wp_list_authors()
}}}
I suspect there will be other updates needed, to support new `post_type` argument added to author's url." sirzooro
Unpatched Enhancements 13339 Add hook on network admin user forms Users normal normal Future Release enhancement new 2010-05-11T11:45:37Z 2015-12-03T15:59:15Z "On WP 3.0 it is possible to add new users as Super Admin, but they do not really assign each instance. So it would be useful when creating the user, if you have a selection of instances that are created and then selecting one with the checkbox where the user should get access.
Maybe it is possible to add a hook for add own fields, similar the possibilies on user-edit.php for profile fields." bueltge
Unpatched Enhancements 24512 Add user ID to query vars after adding a user Users 3.0 normal normal Future Release enhancement new 2013-06-06T10:32:54Z 2015-10-07T20:03:28Z "When you add a new user (or existing user on Multisite) to your site, you're redirected to the same screen but the new user ID is not passed along as a query var in the URL.
I'd like to add some user-specific links to the screen in a plugin of mine and can't do so without a user ID." johnbillion
Unpatched Enhancements 34297 "Passwords containing ' or "" via wp_set_password() break login via wp-login.php" johnbillion Users normal normal Future Release enhancement reviewing needs-docs 2015-10-14T11:07:22Z 2016-10-20T15:22:45Z "We are using custom plugins to have the user reset their passwords. Internally all that is done boils down to the following code:
{{{
wp_set_password('Test""123', 1);
// alternative test
wp_update_user([
'ID' => 1,
'user_password' => 'Test""123'
]);
}}}
Doing this the password gets successfully changed inside the database.
Trying to login on wp-login.php now with the new password results in: ""ERROR: The password you entered for the username admin is incorrect""
Login however still works using wp_signon().
I don't know what's going on there or where the differences are but surely this can't be intended behavior that we're not supposed to set passwords using ' or "" via wp_set_passworod(), can it?" manuakasam
Unpatched Enhancements 39090 Remove duplicate query from posts page in the admin Users normal normal Future Release enhancement new needs-unit-tests 2016-12-05T20:33:19Z 2016-12-07T16:00:15Z "The posts page in the admin (`/wp-admin/edit.php`) is running twice the query below. This is a problem specially for sites with a significant number of users since this query can be super slow (see #19867 and #28160).
{{{#!php
SELECT wp_users.ID,wp_users.user_login,wp_users.display_name
FROM wp_users
INNER JOIN wp_usermeta
ON ( wp_users.ID = wp_usermeta.user_id )
WHERE 1=1
AND ( ( wp_usermeta.meta_key = 'wp_user_level'
AND wp_usermeta.meta_value != '0' ) )
ORDER BY display_name ASC
}}}
The query is executed by `WP_User_Query::query()` and, in this particular page, is called by the function `wp_dropdown_users()`.
The attached patch fixes this problem by adding the result to the cache when the query is run the first time. Preventing multiple executions of the same query." rodrigosprimo
Unpatched Enhancements 21910 wpmu_create_user() standardization Users 3.0 normal normal Future Release enhancement new 2012-09-17T18:03:24Z 2015-10-03T23:25:41Z "There seems to be some inconsistencies between wpmu_create_user(), create_user(), and wp_insert_user(). The former two are wrappers, and do different things but potential to consolidate and clean up some old code.
Per Nacin:
>nacin: wpmu_create_user() should probably just go away.
>nacin: fairly useless function
>nacin: by default, it looks like wp_insert_user() would create a role-less user.
>nacin: as would wp_create_user()
Looking at wp_insert_user() it sets the default role if none is provided, where wpmu_create_user() would actually delete the default roles and caps.
Although, I'm not really sure there's a use case where you'd be using both the wpmu_new_user and user_register hooks simultaneously so possibly depreciate the former in favor of the latter.
One real issue with wpmu_create_user is that it returns false instead of the WP_Error object which is probably not desired since the error could be useful. The false return is used in wpmu_activate_signup() to either set the returned ID or create it's own WP_Error.
Lastly... documentation for create_user says it returns the ID, but it looks like it could potentially also return a WP_Error object. Didn't test, but possible documentation fix there.
" ryanduff
Unpatched Enhancements 18146 Add user-level timezone setting swissspidy Users normal normal Future Release feature request assigned 2011-07-17T06:25:21Z 2018-04-09T19:48:02Z "Timezone can currently only be set on the blog level. This makes sure that the blog displays times in the timezone chosen by the blog's owner.
It would also make sense to add a timezone setting for registered users, so we can show times in their own timezone, or use that setting as a default for new blogs or other features in a multi-site setting." RanYanivHartstein
Slated for Next Release 42775 Support uploading files in HEIF and HEVC formats Upload trunk normal minor 5.0 enhancement new 2017-12-02T23:02:31Z 2018-02-07T23:35:55Z "Mac OS X 10.13 High Sierra introduces support for new native image format HEIF and video format HEVF.
These aren't widely used by anyone yet, and absolutely no browsers support displaying HEIFs at present (per CanIUse.com as of 2017-12-02 [https://caniuse.com/#feat=heif]) — not even Safari. So this clearly isn't a big priority, but it seems likely these will become ubiquitous in time, and it would be good to at least support uploading these file formats, since they are valid media files.
This was brought to my attention by this line in Ars Technica's review of OSX 10.13:
The Ars WordPress CMS won't even let me upload HEIF files [...]
https://arstechnica.com/gadgets/2017/09/macos-10-13-high-sierra-the-ars-technica-review/
We should probably fix that. :)
" mattheweppelsheimer
Tickets Awaiting Review 35310 """Add Media"" dropzone shouldn't take up the entire modal window" Upload 4.0 normal normal Awaiting Review defect (bug) new 2016-01-04T21:41:44Z 2016-01-05T00:05:32Z "As @ocean90 mentioned in #28851,
> the whole `[""Add Media"" modal window]` is a dropzone for the uploader.
For example, if you drag and drop an item over the left, gray column where the ""Create Gallery"", ""Create Audio Playlist"" and ""Featured Image"" links are, the ""Add Media"" window will show that the dropzone covers this area as well.
Since I'm attempting to write a plugin to add an extra plupload drag-and-drop instance in the existing ""Add Media"" modal window, my custom dropzone will not take effect because WP's dropzone has precedence.
Would it be possible to limit WP's uploader dropzone to the ""Insert Media > Upload Files"" tab only?" r-a-y
Tickets Awaiting Review 22128 Adding upload mimetype in Multisite does not work if mimetype is not already defined Upload 3.0 normal minor Awaiting Review defect (bug) new 2012-10-08T13:13:54Z 2015-02-14T03:16:22Z "'''Description'''
We would like to add 3gp to the list of file types to be uploaded in the sites of our network install.
We've tried to add 3gp to the Network Settings->Upload File Types setting for this. However after having saved the setting we were still not able to upload 3gp. It seems the user setting is being overruled by the list of global settings.
'''Steps to reproduce issue:'''
1. Use WordPress Network install (aka Multisite)
2. Add the file extension 3gp to the upload file types setting in Network Settings
3. Save Settings
4. Try to upload a 3gp file using the Media Library, it will fail with the message: 'Sorry, this file type is not permitted for security reasons.'
It seems the upload file types defined in the Network Settings cannot overrule / add new file types if this file type has not already been defined in the function wp_get_mime_types() (see file: wp-includes/functions.php).
'''Expected behaviour'''
Changing the Upload File Types by adding a new extension results in WordPress accepting files ending in this extension. Or warn the admin that this extension is unknown and more info (such as the full mime type) is needed.
'''Proposed solution'''
We are aware of the hook 'upload_mimes' to fix this with a plugin, but we suggest that the superadmin Network Settings->upload file type overrules WordPress' built-in defaults instead of the other way around." BjornW
Tickets Awaiting Review 40609 Cannot register an application/foo+xml mime type without also registering application/xml Upload normal normal Awaiting Review defect (bug) new 2017-04-30T04:05:08Z 2017-06-01T19:21:11Z "In wp_check_filetype_and_ext() there is a block that uses finfo_file to sniff the mime type of a file. When registering an application/foo+xml type the returned type from finfo_file is application/xml so to allow application/foo+xml using the upload_mimes filter one must also allow application/xml otherwise this real_mime check fails.
It seems like the check should allow the original mime type if the real_mime is application/xml and the $mime is of the form application/foo+xml" paulsowden
Tickets Awaiting Review 22150 Customizer: Remove Image doesn't remove from Media Library Upload 3.4 normal normal Awaiting Review defect (bug) new 2012-10-10T05:35:15Z 2015-09-02T03:55:39Z "After uploading an image using the Theme Customizer, a ""Remove Image"" link appears - this seems to imply that clicking it will cause the image to be deleted entirely, rather than just hidden from the current view.
" pento
Tickets Awaiting Review 43310 "Generic ""HTTP Error"" when uploading PDFs via Media area" Upload 4.9.4 normal normal Awaiting Review defect (bug) new dev-feedback 2018-02-14T01:58:49Z 2018-04-19T21:12:17Z "This might be tied in with Ticket #41973. This may also be [https://make.wordpress.org/core/2016/11/15/enhanced-pdf-support-4-7/ tied into this issue], which was previously fixed for 4.7x.
Currently using the following code to handle image processing:
{{{
// Fix image processing
add_filter( 'wp_image_editors', 'change_graphic_lib' );
function change_graphic_lib($array) {
return array( 'WP_Image_Editor_GD', 'WP_Image_Editor_Imagick' );
}
}}}
I've done all the digging around I can. File upload max size is 140 megs (the test PDF I used is only 13 megs). I've done the .htaccess and php.ini tweaks needed to allow plenty of upload time. Images no longer return the arbitrary ""HTTP Error"" after adding the above function.
PHP 7.0.27-0+deb9u1 (cli) - This is the latest stable release, [https://packages.debian.org/search?keywords=php7.0 per Debian].
This is what I passed along to our customer:
""You’ll have to “tough your way” into the PDF uploads… after you upload a PDF, give it a few minutes… then do a power refresh on the media gallery (I would recommend you upload it through the media gallery first, rather than using the “Add Media” feature on posts and pages).""" BearlyDoug
Tickets Awaiting Review 23188 Hardcoded relative url 'async-upload.php' in plupload/handlers.js Upload 3.5 normal normal Awaiting Review defect (bug) new 2013-01-12T11:47:48Z 2018-01-18T20:34:04Z "On line 127 in plupload/handlers.js you can find relative path to 'async-upload.php'.
It rather should use wpUploaderInit.url (or something like that), so you could use WP Plupload in front-end for example or with your custom uploading scripts.
Now you can write your custom uploader script and provide it via wpUploaderInit, but on that line in handlers.js it is ignored (and if you run it in front-end, bad request to ./async-upload.php is made)." drozdz
Tickets Awaiting Review 23483 Incorrect image URL for subsites when using UPLOADS constant on multisite subdirectory installation Upload 3.5.1 normal normal Awaiting Review defect (bug) new 2013-02-15T18:56:54Z 2017-07-08T00:41:31Z "If the UPLOADS constant is used on a Wordpress Multisite installed to subdirectory, using subdirectory mode, then image URLs for subsites are incorrect.
Example:
* WP MS installed to www.domain.com/wordpress, subdirectory not subdomain
* UPLOADS set to 'assets'
Main site uploads images to /wordpress/assets/... [[BR]]
Main site image URL is www.domain.com/wordpress/assets/...
1. Create subsite called 'subsite';
2. Subsite uploads images to /wordpress/assets/sites/2/...
3. Subsite image URL is www.domain.com/subsite/assets/sites/2/... when it should be www.domain.com/assets/sites/2/...
This is because wp_upload_dir() uses get_option('siteurl') to derive the URL. It is probably right for subdomain multisite but wrong in this use case." creativeinfusion
Tickets Awaiting Review 38581 Media uploads fail after session expiration Upload 4.6.1 normal normal Awaiting Review defect (bug) new 2016-10-30T23:28:27Z 2016-10-30T23:28:27Z "On occasion, I write fairly long blog posts in WordPress that can take some time to research and put together. I've noticed that after a session expiration, I am not able to use the media uploader to add images/files to my post '''unless''' I refresh the editor, either by using my browser's Refresh functionality or by clicking the Save Draft button. I could see how a novice user could get very frustrated in this sort of situation, not knowing how to get beyond the error.
'''Steps to reproduce'''
* On a WordPress site (for testing purposes) [https://wordpress.org/plugins/login-security-solution/ use a plugin like Login Security Solution] to decrease the idle timeout to something short, like two minutes. (This negates having to wait for hours for the default inactivity limit to be reached).
* Open the post editor and begin creating a post.
* After logging back in when prompted, try to upload an image or other file using either the ""Add Media"" button or the Set featured image link.
* Watch the upload fail with the cryptic message ""HTTP Error"". (Uploading ... Filename.png ... HTTP error.) The user cannot ascertain from this error why the upload failed.
Trying the upload again will result in the same error every time. The media uploader will not work until the editor screen has been reloaded in the browser.
" avcascade
Tickets Awaiting Review 18474 Misleading error message when theme ZIP exceeds post_max_size Upload 3.2 normal normal Awaiting Review defect (bug) reopened dev-feedback 2011-08-18T16:16:03Z 2015-09-01T23:57:58Z "''post_max_size'' is 32MB, now try to uploading a 40MB big ZIP.
You will get the ''Are you sure you want to do this? Please try again.'' message. But ''try again'' will not help.
Notice:
''Warning: POST Content-Length of 47774864 bytes exceeds the limit of 33554432 bytes in Unknown on line 0''" ocean90
Tickets Awaiting Review 39864 Upload not giving back any error message when uploads directory doesn't exist. Upload 4.7.2 normal normal Awaiting Review defect (bug) new 2017-02-13T17:35:20Z 2017-02-13T17:35:20Z "[[Image(http://i.imgur.com/PLrKSNz.png)]]
When the path (upload_path in media options) set in the above image doesn't exists, no error message is displayed when uploading images. It would be great if an error message would tell you that the path is set wrong or doesn't exists, so you get an idea where to start looking to fix the error.
After you upload an image the image gets displayed like this on the media page:
[[Image(http://i.imgur.com/Euiaihl.png)]]" nahakiole
Tickets Awaiting Review 32704 Upload path is not set correctly after switch_blog Upload 3.0 normal normal Awaiting Review defect (bug) new 2015-06-18T15:06:15Z 2015-07-10T22:08:17Z "When blog is switched and still using old multisite upload folders, upload
directory is not set correctly, which makes functions like
wp_get_attachment_image_src() return the wrong url." ilanco
Tickets Awaiting Review 25650 When switching between blogs, wp_upload_dir 'baseurl' and 'url' may be pointing to the current blog not the switched one Upload 3.6.1 normal normal Awaiting Review defect (bug) new 2013-10-21T14:36:08Z 2018-03-12T08:29:18Z "Only tested on subfolder multisite (I don't have a way to test on a subdomain install right now).
It seems very similar to ticket #23483 but I'm not sure if it should be treated the same:
Example with two blogs in a network:
- www.mydomain.com/my-source-blog (ID:5)
- www.mydomain.com/my-destination-blog (ID:15)
I discover this while trying to move a post with images from a blog to another. The post is copied and images inside the post are copied too.
Starting point: The current blog ID is 15 (my-destination-blog). I'm trying to get upload URLs from the current blog:
{{{
switch_to_blog( 5 );
$source_upload_dir = wp_upload_dir();
$source_upload_baseurl = $source_upload_dir['baseurl'];
restore_current_blog();
$destination_upload_dir = wp_upload_dir();
$destination_upload_baseurl = $destination_upload_dir ['baseurl'];
}}}
At this point, $source_upload_baseurl is:
{{{
http://www.mydomain.com/my-destination-blog/wp-content/uploads/sites/5
}}}
Where should be:
{{{
http://www.mydomain.com/my-source-blog/wp-content/uploads/sites/5
}}}
$destination_upload_baseurl is fine.
It seems that if get_option( 'upload_url_path' ) returns false, wp_upload_dir() makes use of WP_CONTENT_URL constant that is set to the current blog URL at the beggining of the execution (in default-constants.php):
{{{
define( 'WP_CONTENT_URL', get_option('siteurl') . '/wp-content');
}}}
This value obviously does not change when switching a blog.
" igmoweb
Tickets Awaiting Review 39392 WordPress page file uploading bug Upload 4.7 normal normal Awaiting Review defect (bug) new 2016-12-25T21:23:09Z 2016-12-25T21:23:09Z At first I thought I'm crazy here, and what the hell is happening here. But now, I understand - Avada newest 5.0.6 has a bug somewhere, and everything I upload from page it uploads to 2015/02 uploads folder. Or maybe it is even WordPress bug. As now it is 2016/12. Somewhy it attaches to page creation date, not todays date. KestutisIT
Tickets Awaiting Review 32420 Wordpress report file upload not supported for IE 11 on WindowsPhone 8.1 Upload 4.2.2 normal normal Awaiting Review defect (bug) new 2015-05-17T01:04:57Z 2016-05-18T21:10:55Z "When trying to upload media through my phone, WordPress report that my browser cannot be used to upload files.
That's not true, IE11 on Windows Phone 8.1 can upload files." ahriad
Tickets Awaiting Review 31372 media-new.php stops uploading after max_execution_time set in php.ini Upload 4.1 normal normal Awaiting Review defect (bug) new 2015-02-18T19:59:13Z 2015-02-20T12:02:24Z "== Environement ==
Windows Server 2008 (version 6, build 6002: SP2)
IIS Version 7.0.6000.16386
PHP Version 5.4.26
FastCGI
== Problem ==
When uploading a media file to Wordpress the upload only runs for the max_execution_time set in php.ini. When that time has elapsed (for slow connections or a large file) the multi-file uploader displays the generic error ""HTTP error."" The browser uploader stops with the PHP error ""max execution time reached""
Is this behavior by design?
== Proposed solutions ==
1. '''set `set_time_limit(0)` in media-new.php, so a upload can take as long as it needs''' [[br]] For IIS this solution is preferred, because FastCGI automatically stops script execution when a connection is lost. For Apache the additional code `ignore_user_abort(false);` might be needed to prevent the script from executing after the client has aborted, although that also is the standard behavior for Apache I think.
2. '''Display a more helpful error''' [[br]] ""HTTP error."" could practially mean everything. It took me at least 2 hours to find out what was causing the error. Displaying ""Your upload exceeded the max_execution_time set in PHP"" makes things already a lot more understandable.
== Thoughts about limits ==
File uploads are already limited by max_upload_size and max_post_size, so it should make sense to not also limit them on how long they can take.
Some users simply don't have a fast enough connection to complete the file upload in the max_execution_time specified by php.ini" au.merci
Tickets Awaiting Review 28238 Add filter to value returned from get_space_used() Upload 3.5 normal normal Awaiting Review enhancement new has-patch 2014-05-13T18:20:06Z 2015-11-01T19:24:21Z It would be helpful to have an additional filter to modify the returned value from the get_space_used() function in order to add additional space quantities without having to recreate the entire function by only having the 'pre_get_space_used' filter. hereswhatidid
Tickets Awaiting Review 30384 Cannot hook plupload's JavaScript consistently Upload 4.0 normal normal Awaiting Review enhancement new 2014-11-18T16:03:56Z 2015-12-03T14:45:39Z "Visit /wp-admin/media-new.php and enter the following into the console:
window.uploader.bind('FileUploaded', function (){alert(1)})
Upload a file and once that's complete your function will be executed.
However if you visit /wp-admin/upload.php or /wp-admin/post-new.php and run that JavaScript you'll find that window.uploader is undefined.
I'm trying to prompt users to add additional information about the images they upload, but without access to the Uploader object that appears to be impossible." tomdxw
Tickets Awaiting Review 18489 Create constants in default-constants.php for the uploads folder to allow better custom uploads location eddiemoya Upload 3.2.1 normal normal Awaiting Review enhancement reopened 2011-08-19T20:11:41Z 2015-09-20T19:50:59Z "There are cases in which a the uploads directory might need to be divorced WP_CONTENT_DIR, currently the only thing we can use is the UPLOADS constant, which works but is relative to ABSPATH and as such limits where the uploads directory can be moved to.
In default-constants.php we have constants for the wp-content, and plugins folder - the uploads folder is a natural addition to this. Currently there is only a poorly documented UPLOADS override in wp_uploads_dir, which can be overridden in wp-config.php. I also think there should be a similar constant for the themes folder, but I would that would be a bit more complex of a change.
I have create a new function in default-constants.php which introduce WP_UPLOADS_DIR and WP_UPLOADS_URL, which are called after wp_plugins_directory_constants() in wp-settings.php - because that function create WP_CONTENT_URL, which is needed in order to create WP_UPLOADS_URL.
It is important to note that I have not changed any of the precedent in terms of what overrides what - the uploads_path option still overrides the default location (or now, the potentially custom location) defined by the new constant, ''the old UPLOADS constant will still override either of them if it is set''. Thats the way it worked before and that behavior has been preserved.
Additionally, I have patched /wp-includes/function.php wp_uploads_dir to make use of these new constants as well as a little clean up of some related logic.
First patch to core - go easy." eddiemoya
Tickets Awaiting Review 35823 "Implement ""FS_CHMOD_FORCE"" constant; if set - media uploads and image resizing do NOT ignore FS_CHMOD_FILE" Upload normal normal Awaiting Review enhancement new 2016-02-12T23:46:25Z 2018-01-25T20:22:36Z "Hello.
I want to re-open https://core.trac.wordpress.org/ticket/21251
I think that it's very strange to not giving an ability to globally override file permissions. Even though WP lead developers thinks that it's ""not good"" to use FS_CHMOD_FILE on file uploads - there should be a way to do it. It will not be default. Default behaviour won't be changed. Filters or other ways are a madness for users with many websites on board or for hosting providers which want to set basic options forcefully.
The problem:
One may expect that after setting constant FS_CHMOD_FILE - all files created or modified (maybe) by WordPress will have FS_CHMOD_FILE permissions. But for some wierd reason it is not so. I can understand the explanation from 21251 ticket. So it can be solved by creating a new constant which control the behaviour.
I've attached a patch which changes upload function's logic to understand FS_CHMOD_FORCE constant and honor it if it is defined. If it is not defined (default), behaviour will be the same as it was before.
After applied patch it will be possible to set the following in wp-config.php or globally:
{{{#!php
/path/to/your/file
[url] => /url
[subdir] => /2010/05
[basedir] => /path/to/wordpress/wp-content/uploads
[baseurl] => http://example.com/wp-content/uploads
[error] =>
)
}}}
If the [error] field contains empty value then the file won't be uploaded because it checks for the below condition :
{{{
false === $uploads['error']
}}}
" PranaliPatel
Candidates for Closure 40624 MP3 files with ID3v2 information can't be uploaded Upload 4.7.4 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-05-01T19:02:06Z 2018-01-12T01:28:57Z "When I upload an mp3 to the Media Library that has any ID3v2 information, I receive an error, ""Sorry, this file type is not permitted for security reasons."".
When I removed the ID3v2 information, and solely had ID3v1 information, the upload completed successfully.
mp3 files are an allowed file type in my WP installation. ALLOW_UNFILTERED_UPLOADS is false.
" sophia4wp
Candidates for Closure 39729 The file upload button is not configured from a new entry Upload 4.7.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-01-28T16:29:12Z 2017-01-28T17:24:26Z "Hi, attached photo to better explain the error. Since updating to the latest version of wordpress (4.7.2-en_US), the button to upload files, from a new entry, is apparently not configured. The link is ""#"" and does not perform any action.
https://www.notirey.com.ar/bug.png
Thanks." lucasmerca
Candidates for Closure 32318 Upload fails, wp_insert_attachment returned 0 Upload 4.1.5 normal normal Awaiting Review defect (bug) new close 2015-05-08T22:34:11Z 2016-01-15T17:53:47Z "One specific mp3 file was failing to attach, and it seems wp_insert_attachment is breaking with 0 returned, breaking update-attachment-metadata:
wp-admin/includes/media.php, line 360:
{{{
// Save the data
$id = wp_insert_attachment($attachment, $file, $post_id);
if ( !is_wp_error($id) ) {
wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
}
}}}
id = 0, caused by these lines in wp-includes/post.php, around line 3351:
{{{
if ( false === $wpdb->insert( $wpdb->posts, $data ) ) {
if ( $wp_error ) {
return new WP_Error('db_insert_error', __('Could not insert post into the database'), $wpdb->last_error);
} else {
return 0;
}
}
}}}
In this case the documentation is wrong, it didn't return the post id." programmin
Candidates for Closure 15955 move_uploaded_file mangles non-ascii characters on Windows platforms SergeyBiryukov* Upload 2.0 normal major Awaiting Review defect (bug) accepted close 2010-12-22T22:15:46Z 2018-04-18T12:43:08Z "The `sanitize_file_name` function is not filtering alot of character entities like the degree symbol, this results in invalid media item paths, see the attached images.
wp-includes/formatting - Line 677
{{{
$special_chars = array(""?"", ""["", ""]"", ""/"", ""\\"", ""="", """", "":"", "";"", "","", ""'"", ""\"""", ""&"", ""$"", ""#"", ""*"", ""("", "")"", ""|"", ""~"", ""`"", ""!"", ""{"", ""}"", chr(0));
}}}
This array is not dealing with invalid entities that could be used in a filename, and the regular expression further down is not catching these either.
wp-includes/formatting - Line 700
{{{
if ( preg_match(""/^[a-zA-Z]{2,5}\d?$/"", $part) ) {
}}}
See attached images, i used 4 varying names with unusual entities in them(each a copy of a sample jpg image).
Using a filter on the valid chars array results in the extension getting stripped off but the file still makes it through the upload routine however(which is worrying).
I'm no file validation expert, so i'm not sure if this is a critical problem(marked as normal), i'll leave this for you chaps to decide.
'''NOTE:''' Ignore my hostname in the screenies, it's a 3.0.3 installation, i'm just lazy with updating my virtual host settings.
See screenshots for steps to reproduce(just create a file with some dodgy character entities and upload it basically)." t31os_
Candidates for Closure 40323 "wp-admin/async-upload.php returns ""text/html"" at Content-Type" Upload 4.7.3 normal normal Awaiting Review defect (bug) new close 2017-03-31T11:28:03Z 2017-04-01T00:23:20Z "When uploading image via wp-admin/async-upload.php, response-header includes ""text/html"" at Content-Type.
I'm creating a module only for html.
So I want to detect the response is html or not.
But this response returns text/html at header, so I cannot detect correctly.
To handle properly, I want response-header to use ""application/json"" or something." mrasu
Candidates for Closure 33963 New function: `upload_url()` Upload normal normal Awaiting Review enhancement new reporter-feedback 2015-09-22T12:32:57Z 2016-01-22T18:33:08Z Retrieve the url to the uploads directory. sebastian.pisula
Candidates for Closure 23750 Uploads go into subdirectory install of WordPress Upload 3.5.1 normal normal Awaiting Review enhancement reopened close 2013-03-12T22:10:59Z 2015-11-24T00:22:53Z "In upgrading a few sites to WordPress 3.5 and then giving WordPress its own directory (`wp/`), we continually see the uploads end up in `wp/wp-content/blogs.dir` instead of `wp-content/blogs.dir`.
For the time being as a work around we have enabled a network wide plugin that consists of
{{{
function ms_upload_fix($uploads) {
$uploads['path'] = str_replace('/wp/', '/', $uploads['path']);
$uploads['basedir'] = str_replace('/wp/', '/', $uploads['basedir']);
return $uploads;
}
add_filter('upload_dir', 'ms_upload_fix');
}}}
We do have `WP_CONTENT_DIR` defined and assume it should use this if set." jondavidjohn
Tickets Needing Feedback 42979 "Draw ""dismiss"" icon in upload errors in the error div, not after the action title" Upload trunk normal normal Future Release defect (bug) assigned 2017-12-25T15:58:42Z 2018-03-12T15:13:23Z "When an error occurs while uploading a file in the media manager, the icon to dismiss the error is (incorrectly, imho) floated near the title of the action and not with the actual error.
There is probably a larger underlying issue where the action text (e.g. ""Uploading"") is actually tied to the error (i.e. dismissing the error causes the action text to disappear) but is not visually drawn as part of the same dialog; but presumably in the case of multiple errors or when attempting to dismiss an error while another upload is underway, etc. the change suggested above should suffice.
In short, one merely seeing the error (see attached) by itself would be confused as to whether the would terminate the upload or dismiss the error, because of its layout and positioning." ComputerGuru
Tickets Needing Feedback 23895 Max upload size 0 when post_max_size = 0 johnbillion Upload 3.5.1 normal normal Future Release defect (bug) reviewing dev-feedback 2013-03-29T15:01:32Z 2017-11-29T14:29:56Z "As a convention, post_max_size can be set to 0 to disable any limitation on max post size.
Quote from php.ini:
{{{
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
}}}
WordPress does not take this into account in wp-admin/includes/template.php " moscar09
Tickets Needing Feedback 16191 Uploaded files with quote marks in the filename are undisplayable in MS Upload normal normal Future Release defect (bug) reopened dev-feedback 2011-01-11T19:28:49Z 2015-03-19T20:23:31Z "If you upload a file with quote marks in the filename, e.g. `""Test"".jpg`, WordPress records the filename as `%22test%22.jpg` but the file is called `""Test"".jpg` (on 'nix-like systems anyway) so is undisplayable.
I'm unsure about the implications (security and otherwise) of my suggested patch (attached), so please give feedback. (I guess the other approach would be to retain the url-encoded characters and ensure that the file is named with the URL encoded version of the filename.)" simonwheatley
Tickets Needing Feedback 18043 Uploaded images disappear after loading if using compression w/Apache Upload 3.2.1 normal major Future Release defect (bug) new dev-feedback 2011-07-08T22:49:15Z 2015-10-01T03:23:47Z "I have found an issue between WordPress (Multisite) + Google Chrome (Mac) which I think appeared on my sever when I enabled compression a few months ago, but could never reproduce because it only happens with images managed by a Multisite WordPress install, not static images.
With images that are static Apache sends the file and calculates the Content-Length its self so these images work fine but if you access a file uploaded to WordPress it uses the .htaccess redirect so the image requests are sent via ms-files.php for what ever reason.
The problem is that WordPress decides to calculate its own Content-Length header in the HTTP Response which means that security conscious browsers like Google Chrome freak out when the data they receive is less than they we're told by Apache and they resultantly disable the image.
The Content-Length calculation comes on line 43 of ms-files.php I don't know why its needed because Apache seems to sort it out automatically if you don't send your own header, in fact most of the file seems like an unnessisary load of processing, perhaps it needs reviewing but this is a major issue as it is a growing browser, on a growing platform.
Here is a great video of it in action: http://www.screencast.com/t/cUYKSegW0N
This issue has been repeatedly reported on the forum:
http://wordpress.org/support/topic/disappearing-images
http://wordpress.org/support/topic/multisite-images-broken
http://wordpress.org/support/topic/image-not-show-in-google-chrome-timthumbphp
Please fix this asap!" ctsttom
Tickets Needing Feedback 15924 Add 'media_default_link_type' option to parallel 'image_default_link_type' Upload normal normal Future Release enhancement new dev-feedback 2010-12-20T21:12:12Z 2015-12-03T19:36:40Z "It is often recommended that site owners change the 'image_default_link_type' option to ""none"" if they don't plan on linking to full size images often from their posts. The problem is that this also affects the default link type for other media (uploaded zip files, pdfs, etc.) Adding an additional option for 'media_default_link_type' which behaves in the same way would get around this problem.
" goldenapples
Tickets Needing Feedback 16849 Add a filter for $overrides in wp_handle_upload() Upload 3.1 normal normal Future Release enhancement new dev-feedback 2011-03-13T17:38:56Z 2018-02-14T21:50:26Z "I'm writing a plugin that needs to set a $unique_filename_callback in wp_handle_upload() during a normal post attachment upload (not a custom upload form), but there's no way to do it without a filter like this one:
{{{
$overrides = apply_filters( 'wp_handle_upload_overrides', $overrides );
}}}
For now I just modded my /wp-admin/includes/file.php to add it, but obviously that's not an ideal solution, especially since I plan on adding the plugin to the repository for others to use." iandunn
Tickets Needing Feedback 28753 Use reusable consistent CSS for the theme and plugin uploader Upload 4.0 normal normal Future Release enhancement new 2014-07-04T23:04:52Z 2018-02-05T17:55:28Z The theme uploader introduced a new look in 3.8. This patch gives the file upload container a more generic reusable class and I've added it to plugin upload for consistency between the views. paulwilde
Tickets with Patches 11946 Ensure image MIME type matches extension Viper007Bond Upload 3.0 normal minor Future Release defect (bug) reopened has-patch 2010-01-19T08:02:17Z 2017-01-11T16:35:21Z "Take a bitmap (BMP) and rename it to `.png`. WordPress will say it's an `image/png` everywhere you look. This can cause issues if you're trying to manipulate it (thumbnail it, etc.).
We should either fix the extension or reject it." Viper007Bond
Tickets with Patches 12756 WPMU does not handle files with two or more dots in the filename wpmuguru Upload 2.9.2 normal minor Future Release defect (bug) reopened has-patch 2010-03-29T07:23:50Z 2015-01-13T16:51:35Z "* WPMU does download images that have two or more dots in the file name
> E.g., One..jpg One...jpg One....jpg
rewrites do work (checked)
* this is clearly a WP issue:
> /wp-content/blogs.php
...
$file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] );
if ( !is_file( $file ) ) {
status_header( 404 );
die('404 — File not found.');
}
...
> WPMU removes two dots!!!
> workaround:
$file = BLOGUPLOADDIR . $_GET[ 'file' ]; // name.ly: workaround for files with two or more dots
tested and works fine
" Namely
Tickets with Patches 25449 wp_upload_dir() doesn't support https Upload 3.8 normal major Future Release defect (bug) new has-patch 2013-09-30T13:11:15Z 2016-10-07T16:41:29Z "The wp_upload_dir() function does not support https. I have added a simple is_ssl() check and a string replacement to serve the correct URL type.
'''Background behind what prompted me to write the patch:'''
I read a blog post by Kaspars Dambis in which he discussed fixing this problem via his own plugin, but it seems to me that since WordPress outputting an incorrect URL, that it would make most sense to fix it there.
http://kaspars.net/blog/wordpress/minit-plugin-ssl-https
" ryanhellyer
Unpatched Bugs 42437 Thumbnails can overwrite other uploads if filename matches Upload 4.8.3 normal normal Future Release defect (bug) new 2017-11-05T00:40:36Z 2018-05-17T10:31:36Z "Imagine you're browsing some WordPress site and you find an image ~~you want to steal~~ you like and want to upload to your own site. Not knowing any better, you download and save a thumbnail, `image-1024x768.png`. Later on you upload a different image called `image.png` to your site. Assuming you haven't changed thumbnail sizes, the large thumbnail of the second image will overwrite the original first image.
I've attached two images that you can use to test. Notice that `image-1024x768.png` will become the red image instead of staying green.
One possible solution to this is to add a flag to the thumbnail generation function that toggles overwriting existing files. It should default to overwriting for backwards compatibility but not overwrite on initial upload. If not overwriting, then `-2` could be added somewhere in the filename. The filename doesn't need to be predictable because it's stored in the metadata." Viper007Bond
Unpatched Enhancements 6814 Async media crunching koopersmith Upload 2.5 normal normal Future Release enhancement assigned 2008-04-23T00:19:05Z 2015-03-30T14:02:53Z "The upload part of the new multi-uploader is pretty nice now, but it blocks on the ""crunching"" phase, which can sometimes take 20-60 seconds, I assume to create medium thumbnails and such.
The crunching part of the upload should not block the next file beginning the upload process, it should happen asynchronously with the rest of the process." matt
Unpatched Enhancements 24934 More flexible response reporting in wp-plupload.js Upload 3.6 normal normal Future Release enhancement assigned 2013-08-03T00:30:06Z 2015-09-29T04:32:42Z "The wp-plupload.js wrapper to the plupload library only returns server responses to bound callbacks in the case of a well formed error (the server responds with {{{ { success: false } }}}).
Sometimes it may be useful to receive additional information from the server on ''successful'' upload. I have prepared a patch that allows for the {{{success}}} and {{{error}}} callbacks to receive server responses." ippetkov
Unpatched Enhancements 27860 Media Upload: Incorrect renaming increment for retina files Upload 3.9 normal normal Future Release feature request new 2014-04-17T12:23:40Z 2015-12-03T15:58:16Z "If a file is uploaded `myimgage.png` and then a second image is uploaded with the same name the file is renames `myimgage.png` to `myimgage1.png` this is fine.
However if a Retina image is uploaded using the Apple retina standard @2x i.e. `myimage@2x.png`
The increment is `myimage@2x1.png` this is not correct and should be `myimage1@2x.png`
Should be `myimage[[prefex]]@2x.png` NOT `myimage@2x[[prefex]].png` " phillbooth
Slated for Next Release 42008 Show warning that usernames can't be changed Upgrade/Install 4.8.2 normal minor 5.0 defect (bug) new has-patch 2017-09-27T16:10:48Z 2018-03-08T16:41:31Z "When we install WordPress, it says ""Please provide the following information. Don't worry, you can always change these settings later.""
But When we want to change username, WordPress does not allow. See screenshots." rinkuyadav999
Slated for Next Release 39189 Translation Update after 4.7 update gives Javascript Error swissspidy Upgrade/Install 4.7 normal trivial 5.0 defect (bug) reviewing has-patch 2016-12-08T20:51:27Z 2017-12-18T16:24:34Z "I just updated to WordPress 4.7, which then enabled the update translations button, so did so and it updated the translation no problem;
Update Translations
Updating translations for WordPress (en_CA)…
Translation updated successfully.
Return to WordPress Updates page
But my Debug Bar flagged a JS issue, inspecting the full error is;
update-core.php?action=do-translation-upgrade:428 Uncaught TypeError: Cannot read property 'decrementCount' of undefined
at https://bearmountain.ca/wp-admin/update-core.php?action=do-translation-upgrade:428:28
at https://bearmountain.ca/wp-admin/update-core.php?action=do-translation-upgrade:431:8
It goes away as soon as you go to another page, but wanted to flag the minor bug.
Original Support Ticket - https://wordpress.org/support/topic/translation-update-after-4-7-update-gives-javascript-error/" garrett-eclipse
Slated for Next Release 40470 WordPress installation steps - button press differences Upgrade/Install normal normal 5.0 defect (bug) new has-patch 2017-04-17T09:12:19Z 2018-01-22T16:47:01Z "Something that has been bothering me for every single WP install I do - the first two buttons in the step - Begin WP Installation, Input settings and Update wp-config.php are happening by typing, pressing tab and space to click the ""next"" buttons, but once I get to the ""All done, now you can login"" screen I can't use space to go next.
This is closely related to #26504 , as well as some older tickets that were closed in favor of the mentioned one, but since the login screen is not discussed there but the inner dashboard, I thought that this can be separated in a new ticket. (maybe ""good first ticket""?)
[[Image(http://i.imgur.com/VSzBXvC.png)]]
As mentioned above, to replicate: Clone WP core in new folder and install it through the browser, follow all steps and go to the next by pressing ""space"" on the final action buttons. Only the last step doesn't work with space but with enter instead." xavortm
Slated for Next Release 43301 wp_maybe_auto_update action is missing a docblock johnbillion Upgrade/Install normal normal 5.0 defect (bug) reviewing has-patch 2018-02-12T23:01:39Z 2018-02-19T18:26:17Z The `wp_maybe_auto_update` action is missing a docblock. johnbillion
Slated for Next Release 42133 Add filter to emails sent by wp_new_blog_notification() johnbillion Upgrade/Install 2.1 normal normal 5.0 enhancement reviewing has-patch 2017-10-07T14:27:37Z 2017-11-27T18:20:38Z "`wp_new_blog_notification()` contains a call to `wp_mail()` which sends an email when WordPress is first installed, and when a site is added to a Multisite network. ([https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-admin/includes/upgrade.php?marks=376-399#L361 Ref]).
The contents of the email cannot be filtered. The recipient, subject, message, and headers should be passed through a filter in the same format as the `password_change_email ` filter. ([https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/user.php?marks=1842-1864#L1818 Ref])." johnbillion
Slated for Next Release 36455 Call opcache_reset() after plug-in, theme or core update Upgrade/Install normal normal 5.0 enhancement new has-patch 2016-04-09T09:14:02Z 2018-05-17T22:45:00Z "wordpress it seem not reset Zend OpCache after plug-in, theme or core are updated.
For solve this issue i have set in the php.ini
{{{
opcache.validate_timestamps=1
}}}
all work correctly but validate_timestamps when it's enabled, PHP will check the file timestamp each request with a performance degradation. When it's disabled, PHP files are NEVER checked for updated code. When wordpress updating code, new code files can get mixed with old ones, the results are unknown. It's unsafe as hell.
Why wordpress not perform an opcache_reset() after each update if opcache is active and opcache.validate_timestamps is false?
" nigro.simone
Tickets Awaiting Review 34393 """update has failed"" message won't go away" Upgrade/Install 4.3.1 normal normal Awaiting Review defect (bug) new 2015-10-21T18:09:37Z 2015-10-21T21:15:57Z "After running a routine plugin update, the site became inaccessible for a few minutes with a blank white page saying ""Briefly unavailable for scheduled maintenance. Check back in a minute."" After approximately four minutes, the site became accessible again but the admin pages now show the message ""An automated WordPress update has failed to complete - please attempt the update again now.""
The words ""please attempt the update again now"" are a link to /wp-admin/update-core.php
Clicking the link has no effect, it simply reloads the page and the message is still there. It seems like this means one of two things: 1) there is no update that needs to be re-attempted, in which case the update software should realize that and remove the message - or 2) there really is an update needing to be installed and failing, in which case the error message should give the user some additional information (what plugin specifically is it that needs the update? what specifically is the reason it failed? etc).
Any suggestions on how to debug this problem and remove the persistent error message?
" steevithak
Tickets Awaiting Review 40572 .htaccess has incorrect permissions after installation rcutmore Upgrade/Install 4.7.4 normal normal Awaiting Review defect (bug) assigned has-patch 2017-04-26T09:11:09Z 2017-06-26T18:14:56Z "Having used the WordPress installation instructions and the .htaccess was installed on the server with 0600 permissions, instead of 0644 permissions (like all the other files). This caused our installation to function incorrectly, denying access to at least the login page.
Steps to reproduce:
- Install wordpress
- Fill in online 'setup' (the one where you choose admin credentials)
- Be redirected to the wp-login.php
- Get a 403 error" i3anaan
Tickets Awaiting Review 42923 Add new Docs to WordPress upgrade/install classes Upgrade/Install normal normal Awaiting Review defect (bug) new 2017-12-17T11:45:02Z 2017-12-17T11:45:02Z @DrewAPicture please review the attached patch. ramiy
Tickets Awaiting Review 16817 All updates have been completed Upgrade/Install normal normal Awaiting Review defect (bug) new has-patch 2011-03-10T09:41:22Z 2016-06-12T16:28:38Z "I tried to update 12 plugins at once, one of them ended with red error message ""An error occurred while updating PLUGIN_NAME: Could not remove the old plugin.""
But in the end of Update page is message ""All updates have been completed.""
And that is not right, because one plugin was not updated." pavelevap
Tickets Awaiting Review 38936 Alter Table Always Expects a COLUMN; Crashes on a CONSTRAINT Upgrade/Install normal normal Awaiting Review defect (bug) new 2016-11-24T17:25:13Z 2016-12-27T14:22:34Z "Hello,
I'm attempting to activate a plugin I'm developing. The database creation scripts have CONSTRAINTs on them. When I attempt to reactivate, I'm getting this error:
{{{
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CONSTRAINT `mytable_mycol_foreign` FOREIGN KEY (`mycol' at line 1]
ALTER TABLE wp_mytable ADD COLUMN CONSTRAINT `mytable_mycol_foreign` FOREIGN KEY (`mycol`) REFERENCES `myothertable` (`myothercol`)
}}}
As you can see the SQL error lies in `ADD COLUMN CONSTRAINT`.
This is being generated in `wp-admin/includes/upgrade.php` around line 2392
{{{#!php
$fielddef) {
// Push a query line into $cqueries that adds the field to that table.
$cqueries[] = ""ALTER TABLE {$table} ADD COLUMN $fielddef"";
$for_update[$table.'.'.$fieldname] = 'Added column '.$table.'.'.$fieldname;
}
}}}
`ADD COLUMN` is hardcoded and is creating this SQL error. I googled for a solution but didn't find anything.
I've tried it with the constraints being part of the full table creation statement, and also as a stand alone statement, with the same results.
" philsown
Tickets Awaiting Review 37850 Auto-scroll to error notice on failed inline updates (plugins/themes) Upgrade/Install 4.6 normal normal Awaiting Review defect (bug) new 2016-08-27T16:14:49Z 2016-08-27T16:14:49Z "See a small UX issue in WordPress 4.6 on shiny updates.
In this case I noticed it on the network themes page when one theme has an update and that theme is below the fold (or view-port).
if the update has an error (of any kind), the response happens at the top of the page and a user would never know about the response message. I think in this case a forced scroll-to-top would be great or allow the shiny updates to show inline errors.
" austyfrosty
Tickets Awaiting Review 30915 Automatic translation update does not trigger notification email Upgrade/Install 4.1 normal normal Awaiting Review defect (bug) new 2015-01-05T16:42:41Z 2015-04-22T08:32:23Z "Apparently, my translation files were updated over night (overwriting all my custom translations) and I didn't even get a notification email. I made sure that mail() and wp_mail() works and then found that in '''class-wo-upgrader.php:2803''' the email is only triggered for 'core' type updates, not 'translation' types or any other. A translation update can easily render a site useless, and a notification should be sent for EVERY SINGLE CHANGE that Wordpress decides to do to itself anyway.
Also, the dashboard says that only ""security updates"" are installed automatically, and I would have never allowed translations to update automatically. Sure, digging deep in the online documentation later, I found the part about translations, but this '''should be mentioned in dashboard''' much clearer, including options to disable.
In the end, I think '''automatic translation updates should be off by default'''. Automatically updating something always bears the risk of breaking the site (even if only semantically). The only time I'd rather risk breaking the side is when otherwise I would risk leaving a critical exploit open, not for some dumb fixed typos. In fact, those are not 'critical' but 'trivial', putting them right on the other end of the criticality scale." ddaum
Tickets Awaiting Review 37322 Automatic update email subject line has grammatical error Upgrade/Install 3.7 normal normal Awaiting Review defect (bug) new has-patch 2016-07-10T14:54:21Z 2016-07-10T15:08:55Z "Automatic WP update message should have ""been"" in subject line.
" Ankit K Gupta
Tickets Awaiting Review 39781 Automatic updater does not work with VSFTPd server Upgrade/Install 4.7.2 normal normal Awaiting Review defect (bug) new 2017-02-03T23:26:40Z 2018-04-08T19:54:29Z "The automatic updater fails during update on verifying files.
The reason for the failure is that the file wp-admin/includes/class-wp-filesystem-ftpext.php and wp-admin/includes/class-wp-filesystem-ftpsockets.php use the ftp command NLIST to verify that the files wordpress/readme.html and wordpress/wp-includes/version.php exist before continuing with the installation.
When issuing the NLIST command to the VSFTPd server with a full filename, it returns with an empty list because the NLIST command is only meant to list directories. See https://www.ietf.org/rfc/rfc959.txt
{{{
NAME LIST (NLST)
This command causes a directory listing to be sent from
server to user site. The pathname should specify a
directory or other system-specific file group descriptor; a
null argument implies the current directory. The server
will return a stream of names of files and no other
information. The data will be transferred in ASCII or
EBCDIC type over the data connection as valid pathname
strings separated by or . (Again the user must
ensure that the TYPE is correct.) This command is intended
to return information that can be used by a program to
further process the files automatically. For example, in
the implementation of a ""multiple get"" function.
}}}
When wordpress gets back an empty list it makes the false assumption that the file does not exist.
Instead of using NLIST wordpress should use the LIST command which according to the same RFC should return information on the file if a file is specified.
{{{
LIST (LIST)
This command causes a list to be sent from the server to the
passive DTP. If the pathname specifies a directory or other
group of files, the server should transfer a list of files
in the specified directory. If the pathname specifies a
file then the server should send current information on the
file. A null argument implies the user's current working or
default directory. The data transfer is over the data
connection in type ASCII or type EBCDIC.
}}}
Replacing the VSFTPd server which correctly implements the NLST command with ProFTPd which implements the NLST command incorrectly by returning information about the file in question fixes the problem.
" a1cypher
Tickets Awaiting Review 37804 Can't view other plugin details while updating an active plugin Upgrade/Install normal normal Awaiting Review defect (bug) new 2016-08-23T22:28:00Z 2016-08-24T06:33:09Z "Steps to replicate:
1. Activate an outdated plugin.
2. From `/wp-admin/plugins.php`, click ""update now"" for the plugin.
3. While the plugin updates, click the ""View details"" link for another plugin (or ""view version [x.y.z] details"" for a plugin with an available update).
4. Instead of the details, you get maintenance mode.
The workflow where I encounter this behavior is, with multiple updates available, to start the upgrade for one plugin and try to read the upgrade notes for the next plugin while the last one finishes.
That said, maintenance mode might be the expected behavior, based on ticket:29820#comment:11. " dlh
Tickets Awaiting Review 20944 Changing plugin filename causes Fatal error on automatic activation after update Upgrade/Install 3.3 normal normal Awaiting Review defect (bug) new has-patch 2012-06-13T19:43:38Z 2017-05-29T14:23:45Z "In a new version of a (my) plugin in the WordPress repository, I changed the filename of the main plugin file (to match the folder name). When an old version of the plugin is activated, doing an automatic update to the latest version of the plugin (with the new filename), the following error message is displayed: ""The plugin jonradio-display-kitchen-sink/jonradio-kitchen-sink.php has been deactivated due to an error: Plugin file does not exist.""
An immediate manual Activation completes successfully.
Observed on sites with WordPress Network turned off and on, including when the plugin was Network Activated.
Plugin is jonradio Display Kitchen Sink, and update was from Version 1.0 to 1.1." adiant
Tickets Awaiting Review 29719 Connection error to WordPress.org when HTTP calls disabled Upgrade/Install 4.0 normal minor Awaiting Review defect (bug) new 2014-09-20T22:00:25Z 2015-09-24T14:13:38Z "When the HTTP calls are disabled with either the filter or constant there is an connection error on `/wp-admin/update-core.php`
{{{
add_filter( 'pre_http_request', '__return_true', 100 );
define( 'WP_HTTP_BLOCK_EXTERNAL', true );
}}}
The error comes from [https://github.com/WordPress/WordPress/blob/master/wp-includes/update.php#L457 wp-includes/update.php#L457]
" grapplerulrich
Tickets Awaiting Review 38498 Database errors during installation with an existing wp-config.php file Upgrade/Install normal normal Awaiting Review defect (bug) new 2016-10-25T22:45:48Z 2016-10-25T23:42:09Z See attached screenshot. ocean90
Tickets Awaiting Review 26056 Database is not upgraded in multisite if loopback is disabled Upgrade/Install 3.0 normal major Awaiting Review defect (bug) new 2013-11-15T21:17:06Z 2016-10-04T19:20:25Z "If on a server that disables loopback connections (like several shared hosting companies have implemented) when attempting to upgrade a WordPress Multisite the database is never upgraded from the normal upgrade process.
The normal upgrade process fails on the Network Upgrade wp_remote_get call with
{{{
Warning! Problem updating http://domain/subsite. Your server may not be able to connect to sites running on it. Error message: couldn't connect to host
}}}
The intent seems to be that logging in to the site(s) would fix it as the help on the Upgrade Network page (/network/upgrade.php?action=upgrade) says
{{{
If this process fails for any reason, users logging in to their sites will force the same update.
}}}
but although logging in attempts the update, that also fails (but silently) as it also fails on the wp_remote_get.
There's nothing that indicates the database version is out of step with the code and so no prompt. At least manually going to /wp-admin/upgrade.php and all /subsite/wp-admin/upgrade.php does fix it.
To replicate:
1) Get a server where loopback is disabled (or perhaps simulate it using the pre_http_request filter)
2) Install multisite using WP 3.0
3) Create a subsite
4) Upgrade to latest WP version using the link in the admin
5) Check the database version in the wp_options, wp_x_options table - or use this code to add the version into dashboard rightnow
{{{
add_action('rightnow_end','dbversion');
function dbversion(){
$dbv = get_option('db_version');
echo ""DB Version: $dbv"";
}
}}}
6) Log in/out to main site and subsite - database version remains at the old level
7) Manually visit the /subsite/wp-admin/upgrade.php page and upgrade it's database. The subsite db version will now be correct, but the main site will not until /wp-admin/upgrade.php is also visited" creativeinfusion
Tickets Awaiting Review 43284 "Drop-in: Disabling ""wp_install_defaults"" affect permalinks & ""/login"" redirect" Upgrade/Install 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-11T05:13:59Z 2018-02-11T12:03:39Z "I want to prevent default ""Uncategorized"" category, first post (Hello world!), first page, and default widgets.
I need to disable `wp_install_defaults`. So, I created Drop-in `/wp-content/install.php` which contains:
{{{#!php
}}}
Strangely it also disable default permalinks setting (it not select ""Day and name"" but ""Plain"" instead), even though permalinks is on different function `wp_install_maybe_enable_pretty_permalinks`.
It also not redirect `/login/` to `/wp-login.php`." rajitrazaki
Tickets Awaiting Review 26822 During upgrade, no errors thrown when file permissions are wrong Upgrade/Install normal normal Awaiting Review defect (bug) new 2014-01-13T10:58:08Z 2016-06-26T20:44:41Z "I am, for the first time, attempting a Wordpress auto-upgrade.
I was quite shocked to immediately see an FTP credentials dialog, as these credentials I treat as secret and do not wish to randomly spew them into the system that theoretically should simply be able to modify itself -- if filesystem permissions were proper.
I wish to see an error message ""tried X, failed, exact failure error message, now trying FTP""
A number of current chatters in #wordpress on FreeNode state that this is actually not an error -- a position I vehemently disagree with.
If _any_ operation fails, in the due-course of a program, SOMETHING should elaborate this within the normal course of execution for the task, especially the app itself that cannot write its own files.
I would much rather like to see this from within the app updating itself, and not have to deduce it via any number of other, less-obvious methods, such as error logs on the server, filesystem access denial audits, etc. " mystica555
Tickets Awaiting Review 37927 Errors occurring after upgrading to WordPress 4.6 Upgrade/Install 4.6 normal normal Awaiting Review defect (bug) reopened 2016-09-02T20:48:01Z 2017-12-31T21:00:42Z "Hi,
I am facing several errors in the backend after upgrading to WordPress version 4.6
For example when i try to delete a theme i get the following error outlined in a red notification box:
'''Deletion failed: undefined'''
When i try to update a plugin i get the following error:
'''Update Failed: Internal Server Error'''
Is there a quick fix for this?" Pulsar_Media
Tickets Awaiting Review 40873 Fatal Error from class-wp-ajax-upgrader-skin.php file Upgrade/Install normal critical Awaiting Review defect (bug) new has-patch 2017-05-26T20:32:03Z 2017-06-19T18:38:49Z "In the file /wp-admin/includes/class-wp-ajax-upgrader-skin.php line no 86:
{{{
public function error( $errors ) {
if ( is_string( $errors ) ) {
$string = $errors;
if ( ! empty( $this->upgrader->strings[ $string ] ) ) {
$string = $this->upgrader->strings[ $string ];
}
if ( false !== strpos( $string, '%' ) ) {
$args = func_get_args();
$args = array_splice( $args, 1 );
if ( ! empty( $args ) ) {
$string = vsprintf( $string, $args );
}
}
// Count existing errors to generate an unique error code.
$errors_count = count( $errors->get_error_codes() );
$this->errors->add( 'unknown_upgrade_error_' . $errors_count + 1 , $string );
} elseif ( is_wp_error( $errors ) ) {
foreach ( $errors->get_error_codes() as $error_code ) {
$this->errors->add( $error_code, $errors->get_error_message( $error_code ), $errors->get_error_data( $error_code ) );
}
}
$args = func_get_args();
call_user_func_array( array( $this, 'parent::error' ), $args );
}
}}}
Here the line {{{ $errors_count = count( $errors->get_error_codes() ); }}} will run if it passes {{{ if ( is_string( $errors ) ) }}} condition. But if {{{ $errors }}} is string, then how can it be treated as object in {{{ $errors->get_error_codes() }}} ? Should not it be {{{ $this->errors->get_error_codes() }}} ?" bappi.d.great
Tickets Awaiting Review 40094 Fatal error during update WordPress Upgrade/Install normal normal Awaiting Review defect (bug) new 2017-03-10T11:25:18Z 2017-03-10T11:25:18Z "`$wp_version = '4.7.2';`
{{{
[10-Mar-2017 11:12:08 UTC] PHP Fatal error: Maximum execution time of 30 seconds exceeded in \wp-includes\Requests\Transport\cURL.php on line 463
}}}
{{{
[10-Mar-2017 11:17:33 UTC] PHP Fatal error: Maximum execution time of 30 seconds exceeded in wp-admin\includes\file.php on line 707
}}}
then I can't make update again because I have notice about other update. After remove option `core_updater.lock` I can try make update.
Details of my env:
PHP Version 7.0.9
System Windows NT NAME 10.0 build 14393 (Windows 10) i586
Apache Version Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/7.0.9
Apache 2.0 Handler" sebastian.pisula
Tickets Awaiting Review 38084 Fix Inconsistency Theme and Plugin Update Process When No Package Found Upgrade/Install 4.6.1 normal normal Awaiting Review defect (bug) new 2016-09-18T04:15:19Z 2016-09-18T04:15:19Z "This patch is to solve inconsistency when update package is not available for theme and plugin.
""Updata package not available"" happen when there's an update data, but the package (ZIP URL) data is not available in that data.
This is the notice that update is available but package/zip url to update not available (this is the correct way):
Plugin Screen ( wp-admin/plugins.php ):
https://dl.dropboxusercontent.com/u/32880842/etc6/plugin-update-package-na.png
Theme Modal in Theme Screen ( wp-admin/themes.php?theme={theme-name} ) :
https://dl.dropboxusercontent.com/u/32880842/etc6/theme-update-package-na-modal.png
However, WP still show update action link in:
1) Theme Screen ( themes.php ):
https://dl.dropboxusercontent.com/u/32880842/etc6/theme-update-package-na-link.png
Which result to this if user click it:
https://dl.dropboxusercontent.com/u/32880842/etc6/theme-update-package-na-error.png
2) Update Screen ( wp-admin/update-core.php ):
Still show the update checkboxes
https://dl.dropboxusercontent.com/u/32880842/etc6/update-code-checkbox-no-package.png
Which will result to this when user try to update it:
Plugin:
https://dl.dropboxusercontent.com/u/32880842/etc6/bulk-update-plugin-no-package-error.png
Theme:
https://dl.dropboxusercontent.com/u/32880842/etc6/bulk-update-theme-no-package-error.png
And i think that this error is unnecessary.
Effected Files:
1) wp-admin/themes.php
2) wp-admin/includes/theme.php
3) wp-admin/css/common.css (I didn't change minified version)
4) wp-admin/update-core.php
Patch Results:
1) Remove checkboxes of theme and plugin with no update package:
https://dl.dropboxusercontent.com/u/32880842/etc6/update-core-no-package-no-checkbox.png
2) Remove update link (actually button) on themes screen if package not available:
https://dl.dropboxusercontent.com/u/32880842/etc6/themes-screen-no-package-no-button.png" turtlepod
Tickets Awaiting Review 35587 If core in under version control, don't let the user update manually Upgrade/Install normal normal Awaiting Review defect (bug) new 2016-01-23T10:19:01Z 2016-01-23T14:54:07Z "If core is under version control, I don't think the user should be able to manually update it (and break it). I know auto updates are disabled in this case, but shouldn't manual updates be disabled too?
E.g. WordPress is installed in a subdirectory and syncs trunk every hour. A manual update would revert the changes back to the last nightly build until the next sync.
" iseulde
Tickets Awaiting Review 33571 Improvements for plugin upgrades when disk space runs out (or other write failure) Upgrade/Install normal normal Awaiting Review defect (bug) new 2015-08-27T14:55:52Z 2016-02-02T22:58:21Z "Problem: here's a support issue I see all the time:
* User sees a plugin update available, and attempts to update.
* The user runs out of disk space (or hosting account quota) half-way though, causing the recursive copy (of the unzipped new plugin into wp-content/plugins/(slug) to fail half-way through...
* ... leaving a directory in wp-content/plugins/(slug) that's only half-populated
* If the file with the plugin header was not one of the files that got copied in (i.e. the abort happens before reaching that file), then the plugin no longer shows in the ""Plugins"" page in the dashboard.
* Problem: user can't de-install the plugin from their dashboard - but attempts to re-install also fail, as the directory wp-content/plugins/(slug) already exists, which WP will complain about.
Unless the user has a high level of skills, at this point he is stumped, and raises a support request - usually with the plugin supplier.
I'm not sure of the exact conditions for this, as I can see in wp-admin/includes/class-wp-upgrader.php that the destination is cleared first, which in theory should create enough space for copying over the new version. However, the new version could be bigger than the old. I've also seen this inconsistent state left when the copy fails for no obvious cause (succeeds on a second attempt, after clearing out the inconsistent state).
To be clear: the real problem is that the update process is not sufficiently atomic. It's too easy for the filesystem to be left in an inconsistent state where the user can neither remove, nor re-install, their plugin without resorting to either FTP or expert skills (e.g. a file manager plugin). Basically, each time we make a new release of UpdraftPlus ( https://wordpress.org/plugins/updraftplus, 500,000 installed users ), I estimate we're likely to handle this support request half-a-dozen times. Multiply that by all the plugin downloads in the WP directory, and all the releases made in a year, and you can get a good picture of how many man-hours could be saved by finding a resolution for this.
Possible solutions?
a) One cunning/quick work-around would be if the code that copies the new plugin in could always attempt to *begin* with the file that has the plugin header. This way, it maximises the chances of that file being copied before any abort, meaning that the user will be able to see, and delete, the plugin from their 'Plugins' page, should an abort happen.
b) Instead of copying directly into wp-content/plugins/(slug), do something more atomic, e.g. use a temporary name - e.g. wp-content/plugins/.(slug).(random-or-special-string), and rename when done. The dashboard ""Plugins"" page could also be trained to recognise this pattern, so that if any such exist, it will hide the ""Activate"" link, and only allow the user to delete (so that they can fix their problem and re-install the plugin).
Thoughts? I'd love to not have to see this support request so many times
#25576 is sort-of related, in that it deals with checking disk space for core upgrades; but in my anecdotal view, I see the issue more times related to web hosting account quota, which there's no easy way to know from PHP, rather than disk space which can be easily checked with disk_free_space()." DavidAnderson
Tickets Awaiting Review 37341 Improvements to the list-table.css (breaks the plugin info popup) Upgrade/Install 4.5.3 normal normal Awaiting Review defect (bug) new 2016-07-12T13:27:37Z 2016-07-12T13:27:37Z "The problem appears '''in the ""View Details"" popup''' with '''custom updater''' scripts when the information sections are retrieved from a 3rd party server, not from the WP-org.
For example, when plugins use WooCommerce API Manager, the sections are regular pages and they might have any markup, including headings and images.
'''Fix 1.'''
In `list-tables.css`:
{{{
.plugin-install-php h2 {
clear: both;
}
}}}
forces the H2 line jumping down, after the `.fyi` DIV at the right.
'''Fix 2.'''
Images must not go wider than their container.
A possible fix would be adding the following rules to the `list-table.css`:
{{{
#section-holder .section h2 {
clear: none;
}
#section-holder .section img {
max-width: 100%
}
}}}
" tivnet
Tickets Awaiting Review 29875 Inconsistent button styles for install chriscct7 Upgrade/Install 4.0 normal normal Awaiting Review defect (bug) reviewing 2014-10-06T21:30:41Z 2017-10-10T02:01:51Z "The language pack selection screen features a blue button aligned to the right like so.
https://cloudup.com/cvOk27SYJij
While the next few steps of the install process feature a grey button aligned to the left, at least for Canadian English.
https://cloudup.com/cgi_-PW5Ot1
The alignment may be language specific. Not sure if that can be corrected in some way to be less jarring, maybe with centred alignment. The colour shift seemed odd enough to report." iandstewart
Tickets Awaiting Review 42307 Installing WP in Subfolders and https Issue Upgrade/Install 4.8.2 normal normal Awaiting Review defect (bug) new 2017-10-22T21:29:39Z 2017-10-23T13:06:28Z "Note sure what component to set this ticket to, but here is the issue.
I have a domain with SSL enabled. I wanted to install WordPress in a subdirectory (folder) while the root of my website is static HTML pages. Installed it, but noticed that the site urls in General settings do not inherit https; they are http only. Change them to https and click save and then I get too_many_redirects error and locked out of admin. Have to go in db to change back to http or do a complete reinstall of WP.
Turns out this is related to ""mixed content"". I reinstalled WP and before changing http to https, I noticed the source code had shown http (for assets) and https as well mixed in. Reset General settings to https and again, error and locked out.
Finally came across a few plugins for this issue: SSL Insecure Content Fixer and also Really Simple SSL. I tried the first one and it worked, although I still had to manually change the General site url settings to https. Everything worked.
I then disabled the plugin, manually changed the site url to https again, and was locked out again. Reinstalled WP but this time tried the other plugin (which automatically changed the site url setting to https....everything working as well.
So it appears this has been a long-time issue when looking in Google and knowing there are plugins to fix this, means that it's a problem that has been around for a long time with the core and installation of WP in a sub folder on an SSL enabled domain. Technically, people should not require the use of a plugin to solve this.
" mocha365
Tickets Awaiting Review 39757 Issue while updating WordPress to 4.7.2 Upgrade/Install 4.7 normal normal Awaiting Review defect (bug) new 2017-02-01T09:39:02Z 2017-02-01T09:45:56Z "Hello There,
Firstly I'm not a core developer like U. But the issues I saw when update WordPress from to 4.7.2 are mentioned below with screenshot.
1. When I update WordPress It shows that your WordPress is updated and show recent version of WordPress.
2. Then I click on Updates, and still it shows the message ""You have the latest version of WordPress. Future security updates will be applied automatically.""
3. Also Language option Drop-Down does not displays in User Profile page.
" pradeepphule
Tickets Awaiting Review 25714 Notices with translation upgrade Upgrade/Install 3.7 normal normal Awaiting Review defect (bug) new 2013-10-26T15:51:56Z 2015-10-07T20:23:47Z "Hello,
There are some php notices when WordPress tries to upgrade translations if the file does not exist. As a result, the upgrade fails.
{{{
Warning: copy(/volume1/web/screenfeed/wp-content/languages/themes/twentyeleven-fr_FR.po): failed to open stream: Permission denied in /volume1/web/screenfeed/wp-admin/includes/class-wp-filesystem-direct.php on line 217
}}}
In this case, these are the upgrades for TwentyTen and TwentyEleven: while the themes exist in the folder ''wp-content/themes'', the .po and .mo files in the folder ''wp-content/languages/themes'' don't.
Regards.
Greg" GregLone
Tickets Awaiting Review 35707 On installation page, autocompleted password should not be visible. Upgrade/Install 4.3 normal normal Awaiting Review defect (bug) new 2016-02-03T22:03:17Z 2016-03-23T20:15:58Z "We have a development server where new installations of WordPress are regularly created on the same domain.
On the WP installation page, if you enter a username used elsewhere on the domain, the password field will be autocompleted if you have set the browser to remember it.
The fact the autocomplete occurs is not a problem - however, the password appears in plain text. If anybody else is watching the screen, seeing a brand new random password for a brand new installation is OK (and you can click hide and change it if necessary) - but seeing a saved password from elsewhere is not.
Autocompleted passwords should never appear in plain text. Removing autocomplete is one option, though some people may find it useful - but I think the ideal solution is that any changes to the password field should hide it automatically." smerriman
Tickets Awaiting Review 40326 One Click Install Problems with WordPress 4.7.3 Upgrade/Install 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-31T16:34:41Z 2017-03-31T16:34:41Z "I've been having a bizarre issue with One Click Installs for WordPress now that they've upgraded to version 4.7.3
I follow all the usual instructions (set username, password, email, database options, etc) in the same way that works for every previous time that I've used a One Click Install.
But this time, when I go to the site. I find I can go to the /wp-admin/ folders, and access all of the Admin panel features. Changes are being saved to the database. Updating Permalinks modifies .htaccess correctly. Everything seems fine until I try to go to the site. It immediately redirects me to an error page associated with the Hosting service.
The exact same error has been reproducible for me at GoDaddy, BlueHost, and MediaTemple, so I believe the error is somewhere in the WordPress version.
I have found a lengthly fix to the problem, but this shouldn't be a problem in the first place.
Upload and replace files from WordPress version 4.7.2
Refresh an Admin page.
Upload and replace files from Wordpress version 4.2.2
Refresh an Admin page.
Site will require a database update, click button to initiate it.
Once site is up, click ""upgrade to 4.7.3""
After following all these steps, the site works again. I've tried omitting a step or switching up the order, but it seems only by following these steps in this order is my problem fixed.
What is going on?" okomikeruko
Tickets Awaiting Review 27740 Passwords consisting of spaces are valid at install time Upgrade/Install 3.8.2 normal normal Awaiting Review defect (bug) new has-patch 2014-04-09T19:27:17Z 2015-10-31T15:41:08Z "Steps to reproduce:
1. Install a fresh copy of Wordpress (after initial database information page)
2. Fill out the relevant fields (username, email, site title)
3. On the password fields, press the spacebar once (so your password is one space)
4. Submit
The install completes and prompts you to log in, using your single-space password
The login page returns an error:
Error: The password field is empty.
..rendering login impossible
I believe this is similar to #24973. Preferably there would be a check during install to see if the password consists of just spaces (or other characters that would be stripped).
" nfreader
Tickets Awaiting Review 22287 Plugin in another plugin folder causes Activate link to be wrong on Download Upgrade/Install 3.4 normal normal Awaiting Review defect (bug) new dev-feedback 2012-10-26T15:30:52Z 2017-08-18T15:35:55Z "I am not sure if shipping a plugin within another plugin is officially supported, but there is an inconsistency between the activate links in the Manage Plugins page, and the Activate Plugin on the Plugin Downloaded success page.
This is because on the Manage Plugins page, the `get_plugins()` is going to scan the plugins dir and all dirs within it, however, on the Upgrade page, it calls `get_plugins()` specifying the plugin dir as the base (see https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/class-wp-upgrader.php#L579)
That will cause the ""embedded"" plugin to be picked up, and if it's alphabetically above the main plugin file (presumably) see code comment "" //Assume the requested plugin is the first in the list""" joehoyle
Tickets Awaiting Review 43503 Problematic handling of folder name when using upload to add a new theme and problem with delete when forder name have a version number in filename. Upgrade/Install 4.9.4 normal normal Awaiting Review defect (bug) new 2018-03-08T16:50:42Z 2018-03-08T16:54:39Z "Hello,
First bug here. Thanks for the great platform!
I report this as a bug but I think it's probably a bug and a enhancement suggestion.
We are about to release a platform with a plugin and theme that are dependant on each other and could not comply to WordPress official theme and plugin repository, so we will distribute it through Github.
We have a documentation that will be offered in the Wiki to assist with the installation and to offer a simple evaluation installation process, I have used the upload theme feature and another library to install
the required plugin (http://tgmpluginactivation.com/).
For convenience, I also use this other wonderfull projet (https://github.com/YahnisElsts/plugin-update-checker) to add upgrade from Github integrated in WordPress UI.
While testing the integration I stumbled with a few problems and it looks like one is on WordPress side.
For my test, I had a theme release in Github that was named ""theme-exemple-1.0.zip"".
When I import this file using WordPress UI, everything goes well. The folder created in wp-content/themes is named ""theme-exemple-1.0"".
BUG: If I try to delete the theme from WordPress UI, the delete is not working (theme not found). I have to rename the folder manually to theme-exemple to be able to delete it (from UI).
I traced the code and was actually surprised to discover that there where no way to change the folder name.
1) The upload process doesn't use metadata from the header of style.css to calculate the slug / folder name (I think this is done on plugin side).
2) It's not possible to have a sub-folder to encapsulate the rightly named folder.
By exemple :
release.zip containing a folder ""theme-exemple"" (the process to find style.css should scan folders and drill down in folders and accept the package and corresponding folder if it can find ONE styles.css?)
There was a related issue with ""plugin-update-checker"" where the name of the theme is calculated from slug and become ""theme-exemple-10"" (without the dot), so WordPress fails the upgrade of the plugin because
""plugin-update-checker"" use ""theme-exemple-1.0"" as theme identifier.
As a workaround, I will modify the filename of my release on github to not have the version tag on it (which is in some ways convenient).
Maybe a known issue?" anonym999999
Tickets Awaiting Review 36773 Showing incorrect number of Updates from dashboard Home Upgrade/Install 4.5 normal normal Awaiting Review defect (bug) new 2016-05-05T22:20:34Z 2016-08-23T17:56:10Z "In the last few weeks as the release of WordPress 4.5 came out I have noticed a small bug within WordPress that shows the incorrect number of updates from the dashboard at the top of the page on the toolbar.
For example, today I logged into my dashboard for my blog and it showed 1 update then I clicked on it and it directed me to the updates page and said that two updates for plugins were there so I updated it. It's not major, just a small glitch.
This was not preformed with a multisite." javawpscript
Tickets Awaiting Review 40241 Showing wrong Core current version on the update page. Upgrade/Install 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-23T15:47:43Z 2017-03-27T06:22:12Z "I am using development version '''4.8-alpha-40312''' but in the update page it shows stable version. '''4.7.3'''
''If you need to re-install version 4.7.3, you can do so here:''
I checked in the '''wp-admin/update-core.php''' and found this
{{{#!php
';
list_core_update( $update );
echo '';
}
}}}
This line '''$updates''' should be '''$updates[0]''' to get latest version on wordpress.
{{{
array (
0 =>
stdClass::__set_state(array(
'response' => 'development',
'download' => 'https://wordpress.org/nightly-builds/wordpress-latest.zip',
'locale' => 'en_US',
'packages' =>
stdClass::__set_state(array(
'full' => 'https://wordpress.org/nightly-builds/wordpress-latest.zip',
'no_content' => false,
'new_bundled' => false,
'partial' => false,
'rollback' => false,
)),
'current' => '4.8-alpha-40312',
'version' => '4.8-alpha-40312',
'php_version' => '5.2.4',
'mysql_version' => '5.0',
'new_bundled' => '4.7',
'partial_version' => '',
'dismissed' => false,
)),
1 =>
stdClass::__set_state(array(
'response' => 'latest',
'download' => 'https://downloads.wordpress.org/release/wordpress-4.7.3.zip',
'locale' => 'en_US',
'packages' =>
stdClass::__set_state(array(
'full' => 'https://downloads.wordpress.org/release/wordpress-4.7.3.zip',
'no_content' => 'https://downloads.wordpress.org/release/wordpress-4.7.3-no-content.zip',
'new_bundled' => 'https://downloads.wordpress.org/release/wordpress-4.7.3-new-bundled.zip',
'partial' => false,
'rollback' => false,
)),
'current' => '4.7.3',
'version' => '4.7.3',
'php_version' => '5.2.4',
'mysql_version' => '5.0',
'new_bundled' => '4.7',
'partial_version' => '',
'dismissed' => false,
)),
)
}}}
" thamaraiselvam
Tickets Awaiting Review 39746 Suddenly getting error on all of my servers: Unable to locate WordPress content directory (wp-content). Upgrade/Install 4.7.2 normal normal Awaiting Review defect (bug) new 2017-01-31T07:13:39Z 2017-03-08T05:04:54Z "Hi
I have now been getting these update errors, I have never had problems before. It always worked using ssh2.
This happened while I was overseas (5 weeks), so I am not sure when this started - but before I went ALL of my servers (CentOS 6.8 with php 5.6, all latest patches) where still able to update.
Suddenly I started getting ""could not update wordpress"" as I have automatic updates setup, now I can update some machines, some I cannot.
I thought I try one of the servers (the development server) with latest php 7.1, maybe that gets rid of that problem - it did not solve the issue, so I went back to the original php install.
What is really strange I have a development server/install of one website on a different server as the main server. Both installs are identical (as in core/plugins/etc) The main server I can happily update the wordpress site using ssh2, the development server I cannot update the wordpress site anymore - the ONLY difference is the domain name. Both servers run the nearly the same software (the development machine has a few more yum packages) both OS and web-environment are the same, they even have the same php.ini file.
When I change the development server from FS_METHOD=ssh2 to FS_METHOD=direct it works (after updating the file permissions), but I do not like this as the files need to be write-able by the user running the server, with ssh2 I can have different owner and group which is way more secure.
I too have another wordpress install that I cannot update. I know that all settings/keys/permissions etc are correct as it USED to work.
Help please!
" jobst
Tickets Awaiting Review 29408 Symlinked themes and plugins should not be updatable Upgrade/Install 3.9 normal normal Awaiting Review defect (bug) new 2014-08-28T01:06:12Z 2015-05-19T18:49:18Z "Hi.
Symlinked themes and plugins should not be updatable nor editable.
I don't know if I'm the only one it happens but every time I try to update a symlinked plugin, WP try to update it and... simply delete it >_< (yeah, I forget every time). I guess the problem is the same if I try to edit the plugin via the plugin editor." GregLone
Tickets Awaiting Review 28300 Two issues in the code for auto-uploading to subfolders Upgrade/Install 3.9.1 normal normal Awaiting Review defect (bug) new 2014-05-18T17:05:26Z 2015-12-03T19:19:59Z "There are two issues in the code for auto-uploading to subfolders within a change rooted FTP (wp-admin/includes/class-wp-filesystem-base.php).
First, it adds a ""/"" to the replacement expression when the source replacement already contains a ""/"" (Note that ABSPATH has a trailing slash):
{{{
$potential_folder = preg_replace( '#^' . preg_quote( $dir, '#' ) . '/#i', trailingslashit( constant( $constant ) ), $folder );
}}}
This should be:
{{{
$potential_folder = preg_replace( '#^' . preg_quote( trailingslashit($dir), '#' ) . '#i', trailingslashit( constant( $constant ) ), $folder );
}}}
Second, it checks that the directory exists. This is not the case during theme and plugin installs, where the not existing directory is specified. Instead, only the parent should be checked.
After:
{{{
if ( $this->is_dir( $potential_folder ) ) {
$this->cache[ $folder ] = $potential_folder;
return $potential_folder;
}
}}}
Adding:
{{{
else {
$potential_parent_folder = trailingslashit(preg_replace('#[^/]*/$#', '', $potential_folder));
if ( $this->is_dir( $potential_parent_folder ) ) {
$this->cache[ $folder ] = $potential_folder;
return $potential_folder;
}
}
}}}
Would test for a valid parent, instead. (E.g. wp-content/themes instead of wp-content/themes/newtheme)" wiziapp
Tickets Awaiting Review 20615 Unknown error when running plugins_api() with invalid slug Upgrade/Install normal normal Awaiting Review defect (bug) reopened 2012-05-05T14:59:07Z 2018-01-12T00:54:42Z "Input:
{{{
$api = plugins_api( 'plugin_information', array( 'slug' => 'doesnt-exist' ) );
var_dump( $api );
}}}
Expected result:
{{{
WP_Error Object
(
[errors] => Array
(
[invalid_slug] => Array
(
[0] => Invalid plugin slug.
)
)
[error_data] => Array
(
[invalid_slug] => 404;
)
)
}}}
Actual result:
{{{
WP_Error Object
(
[errors] => Array
(
[plugins_api_failed] => Array
(
[0] => An unknown error occurred during the API request.
)
)
[error_data] => Array
(
[plugins_api_failed] => N;
)
)
}}}
PS: I have no idea what that 'N' is supposed to represent." scribu
Tickets Awaiting Review 39135 Update to WP 4.7 results in white screen bug Upgrade/Install 4.7 normal normal Awaiting Review defect (bug) new 2016-12-07T06:46:29Z 2016-12-23T13:09:57Z "After doing a manual upgrade to WP 4.7, the browser is redirected to:
{{{
/wp-admin/about.php?updated
}}}
and you get a blank white screen. If you quickly enable PHP debugging and refresh the white screen page, you get this error:
{{{
Fatal error: Call to undefined function get_user_locale() in /var/www/winshuttle.fr/wp-admin/about.php on line 22
}}}
If you wait about 1-2 minutes and refresh, the admin area works again you're taken to the usual ""Database upgrade"" page at this URL:
{{{
/wp-admin/upgrade.php?_wp_http_referer=%2Fwp-admin%2Fabout.php%3Fupdated
}}}
I wonder if this has something to do with the PHP cache not being cleared properly after the upgrade operation finishes?
SERVER AND SOFTWARE CONFIGURATION
Two separate installs on two separate servers showed this behavior. Each server is running:
- Debian 8.6
- Apache 2.4.10-10
- PHP 5.6.27 (phpinfo() output: https://gaelanlloyd-xfer.s3.amazonaws.com/wp47-upgrade-issue-phpinfo.htm)
- MariaDB Client/Server 10.0.28-0" gaelan
Tickets Awaiting Review 27511 "Upper ""Select All"" checkbox for list of plugins to update on update-core.php does not work on first click" Upgrade/Install 3.8.1 normal minor Awaiting Review defect (bug) reopened 2014-03-25T13:41:24Z 2018-03-05T14:02:43Z "(Minor annoyance)
On the admin page:
{{{
update-core.php
}}}
when there is a list of plugins with Updates Available, the first time you click on the ""Select All"" checkbox, it does not actually affect any of the checkboxes in the list.
The first time it happened, I just thought it might be a one-time or install-specific occurrence. Then, I had to update a different WordPress install on the same cPanel server, in a different account. In both cases, I went to the equivalent ""Select All"" checkbox at the bottom of the list, and it worked on the first click.
I then had to do updates on a VPS with a multisite install of Wordpress, and again the upper box did not work at first. However, I kept clicking it, and after about clicking it on, then off, then on again, the upper checkbox started affecting all the checkboxes in the list again.
" vanjwilson
Tickets Awaiting Review 32652 Use `ignore_user_abort()` to avoid some update failures Upgrade/Install normal normal Awaiting Review defect (bug) new 2015-06-15T05:50:51Z 2015-06-15T05:50:51Z "As mentioned in [comment:5:ticket:16066] and [comment:5:ticket:29679] we should consider using `ignore_user_abort()` to prevent the potential issue of an upgrade process being aborted mid-way due to a browser cancellation.
This could be called before any update activity starts, or perhaps only after actual changes start happening (ie. after the zipfile download, before the file alterations)." dd32
Tickets Awaiting Review 27758 WP_Error data is false in _unzip_file_ziparchive Upgrade/Install 3.7 normal normal Awaiting Review defect (bug) new 2014-04-11T14:25:07Z 2015-12-03T18:06:40Z "This is a follow-up to #22704, and the short version because after my long version crashed on 'continue to preview' :(
{{{
return new WP_Error( 'mkdir_failed_ziparchive', __( 'Could not create directory.' ), substr( $_dir, strlen( $to ) ) );
}}}
`substr( $_dir, strlen( $to ) )` results in false for the 'upgrade' folder and the zipfile folder itself. For the other folders the 'data' is simply not very informative and could be even confusing.
Before [25780], it used to be just `$_dir`; isn't that a much more informative feedback?
" ruud@…
Tickets Awaiting Review 26626 WP_Upgrader::unpack_package() can overflow path name length limits Upgrade/Install 2.7 normal normal Awaiting Review defect (bug) new dev-feedback 2013-12-14T17:16:10Z 2015-05-21T01:42:39Z "I had no idea that in 2013, there were still operating systems with pathname length limits of only 256 characters. But, apparently there are - I've had 3 reports of it in the last week (which came after I included an SDK in one of my plugins that had a lot of sub-directories).
Two of the victims got hit when unpacking the plugin through a normal update. To prevent this in future, I restructured my plugin.
The other victim was running Bitnami WAMP, with PHP 5.4.22 (Windows NT AFLAPTOP 6.1 build 7601 (Windows 7 Business Edition Service Pack 1) i586), and he was accessing WP_Upgrader::unpack_package() via a restore operation in UpdraftPlus Backup/Restore (http://wordpress.org/plugins/updraftplus), which uses this method to unpack zip files.
See http://wordpress.org/support/topic/restore-fails-could-not-create-directory for more information on that. Basically, it boiled down to ""WP_Upgrader::unpack_package() uses the basename of the zip file to create a directory in WP_CONTENT_DIR/upgrade/"". So, if the zip file name is very long, then a meaningful amount of the potential 256-character limit can be lost.
The guy running Bitnami lost 80 characters to reach his upgrade folder: `C:\Program Files\BitNami WAMP Stack\apps\wordpresslucid\htdocs\wp-content/upgrade`. That leaves 176 characters.
The plugin he was unpacking needed 98 characters for its longest pathname: `/plugins//opencloud/symed/Symfony/Component/EventDispatcher/EventDispatcherInterface.php`. That leaves 78 characters to spare. Should be plenty... except for WP_Upgrader::unpack_package() wanting to use basename($zipfile) to create a directory for unpacking into. The zipfile did indeed have a filename of over 78 characters long. Boom!
To prevent other scenarios in which someone might get hit by this, we can just change this line:
{{{
$working_dir = $upgrade_folder . basename($package, '.zip');
}}}
to:
{{{
$working_dir = $upgrade_folder . substr(md5(basename($package, '.zip')), 0, 8);
}}}
The use of md5() to prevent collisions might be over-cautious (especially given that WP_Upgrader::unpack_package() already tries to empty out the upgrades directory), but it's also harmless." DavidAnderson
Tickets Awaiting Review 36557 WordPress Version 4.5 Upgrade Failure Upgrade/Install 4.5 normal normal Awaiting Review defect (bug) reopened 2016-04-17T04:27:36Z 2017-07-05T20:12:57Z "Upgrade to Version 4.5 failing in one of my site.
The wp-admin/update-core.php?action=do-core-upgrade page comes blank with normal admin menu and sidebar.
Upon further investigation I found those in source
{{{
}}}
And at the end of the page
{{{

}}}
I cleaned cache, re-logined, still same. Any plugin updates works perfectly, not just the core.
Server NGINX 1.9.10, PHP 7.0.5, from WordPress 4.4.2
" Asif2BD
Tickets Awaiting Review 15134 WordPress should not try to remove theme's or plugin's directory recursively if the directory is a symlink dd32 Upgrade/Install normal major Awaiting Review defect (bug) reopened has-patch 2010-10-16T11:46:29Z 2017-10-10T13:35:30Z "Consider the situation: there is a server with multiple WordPress blogs hosted in it. Some plugins are common for all/many blogs and to save several (hundreds in our case) megs of the disk space, shared plugins are stored somehwere else (say, /var/www/wp-plugins) and there are symbolic links to /var/www/wp-plugins/ from /home//wp-content/plugins/.
The onwer of the blog (user1) may not know these details and wants to update one of the plugins (plugin1) using automatic update feature. WordPress will then try to remove /home/user1/wp-content/plugins/plugin1/ recursively although /home/user1/wp-content/plugins/plugin1 is a symlink to /var/www/wp-plugins/plugin1.
The obvious solution is to add a check to the filesystem classes that checks if the file is a symlink and if so, remove symlink with unlink() instead of trying to follow it and remove everything it sees.
The advantage of this approach is that if the user symlinks a plugin to other user's data, those data will not be removed by WordPress (this can be very good for those hosts where all users are served by the same Apache user etc).
" vladimir_kolesnikov
Tickets Awaiting Review 42619 WordPress tries to access /home/.bzr but to no avail Upgrade/Install 4.9 normal normal Awaiting Review defect (bug) new 2017-11-18T14:35:29Z 2018-01-24T04:58:46Z "Hi,
I'm getting the following error in my logs. I'm aware that I have open_basedir enabled, but I don't think WordPress should try to read files outside its installation directory. If I'm mistaken, I'm sorry and I'll be glad to receive any explanation as to why.
This bug doesn't generate any visible error or message other than this log, so I would definitely consider it ""low severity"". The log file was generated by a plugin of mine, but as you can see, the error doesn't occur in my own files. It's located in a core file.
Here's what I get in my log file:
{{{
[14:35:04]
******************
PHP SHUTDOWN ERROR
Type: 2
Message: is_dir(): open_basedir restriction in effect. File(/home/.bzr) is not within the allowed path(s): (/home/httpd/vhosts/[hidden]/:/tmp/)
File: /home/httpd/vhosts/[hidden]/subdomains/[hidden]/wp-admin/includes/class-wp-automatic-updater.php:98
******************
}}}
Best regards" meyegui
Tickets Awaiting Review 26710 Wrong redirect URL after core update when WP is in subdirectory Upgrade/Install 3.8 normal normal Awaiting Review defect (bug) new 2013-12-24T11:05:58Z 2015-12-03T18:43:33Z "When updating WP 3.7.1 to 3.8 on a WP install that is located in a subdirectory (using the ""Giving WordPress Its Own Directory"" method), after the update, the browser forwards to a non-existing URL which causes a 404 error.
In this configuration, in the wp-config file, WP_SITEURL is set to example.com/wp and WP_HOME to example.com.
The update is triggered from the admin area located at example.com/wp/wp-admin/update-core.php
When the update finishes, instead of forwarding to example.com/wp/wp-admin/about.php?updated, it sends the user to example.com/wp-admin/about.php?updated. Because of the missing subdirectory, this displays a 404 error.
Upon returning to the dashboard, the user will notice that the update has been correctly applied, but he won't ever see the ""Welcome to 3.8"" page." tar.gz
Tickets Awaiting Review 23487 is_blog_installed gives errorneus result on moved database Upgrade/Install 3.0 normal normal Awaiting Review defect (bug) new dev-feedback 2013-02-16T13:11:37Z 2015-05-14T17:45:51Z "I resently moved my blogs to a new database, but when I tried it out, on of the blogs wanted a new install. Of course I did not want to do an install and overwrite my blog.
I indirectly found the reason in is_blog_installed, which suppresses database errors. Thus I did not see this error.
SELECT command denied to user 'techblog'@'localhost' for table 'wp_options'
Of course it was my fault, but I virtually had to take the wordpress code apart to find out why my migration failed.
Of course this is not a big problem on new installs, but very likely to happen on moving databases.
" Kjeld Flarup
Tickets Awaiting Review 34933 postMessage - targetOrigin does not contains port number Upgrade/Install 3.9 normal normal Awaiting Review defect (bug) new 2015-12-09T14:01:59Z 2015-12-09T21:17:09Z "'''Current behavior'''
When the skins are upgraded then the communication to the parent node using postMessage is blocked when the user is on the URL that has specified port. Example: ''example.com:81''.
I see in console:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('http://localhost') does not match the recipient window's origin ('http://localhost:81').
'''Expected behavior'''
File ''wp-admin\includes\class-wp-upgrader-skins.php'' line 168 contains:
{{{
window.parent.postMessage( JSON.stringify( { action: ""decrementUpdateCount"", upgradeType: ""' . $type . '"" } ), window.location.protocol + ""//"" + window.location.hostname );
}}}
The '''targetOrigin''' for the ''postMessage'' should also contains port number. E.g. ''window.location.hostname + window.location.port''" ctomczyk
Tickets Awaiting Review 31405 upgrade.php fails with mixed HTTPS (SSL) and simple HTTP sites Upgrade/Install 3.0 normal normal Awaiting Review defect (bug) assigned has-patch 2015-02-21T19:28:16Z 2016-12-22T03:19:03Z "upgrade.php fails with mixed HTTPS (SSL) and simple HTTP sites
The bug is discussed here
http://wordpress.stackexchange.com/questions/156642/how-to-use-wordpress-multisite-with-mixed-http-and-https-sites
I also add a patch that solves the SSL upgrade issue in my case." intersol
Tickets Awaiting Review 28630 "wordpress ""check for updates"" fails silently behind proxy server with https POST 501 Error" Upgrade/Install 3.8.1 normal major Awaiting Review defect (bug) new 2014-06-25T14:58:24Z 2015-12-03T17:36:21Z "I was running wordpress 3.8.1 on a webserver inside a LAN where wordpress needs to use a proxy to access the web. This is taken care of by defining WP_PROXY_HOST and WP_PROXY_PORT in wp-config.php, so Wordpress and plugins worked correctly.
When checking the dashboard for updates, Wordpress and all plugins were always shown as up-to-date even as WP 3.9 and 3.9.1 were out.
I checked the network traffic when forcing an update check, and it turns out that in wp-includes/update.php, if ssl is available, the url used to check for updates is transformed from http url to https url. This happens in three places, e.g. :
{{{
$url = $http_url = 'http://api.wordpress.org/themes/update-check/1.1/';
if ( $ssl = wp_http_supports( array( 'ssl' ) ) )
$url = set_url_scheme( $url, 'https' );
}}}
Thus a HTTPS POST request is sent, and the proxy we have here (Squid) answers with an error 501 “Unsupported Request Method and Protocol”
It seems HTTP GET and POST works, I know HTTPS GET works with the proxy, but not HTTPS POST from WP.
After that, WP display that everything is up-to-date, no error message, even with WP_DEBUG set to true.
I commented the lines that switch to ssl if it is available, and everything worked fine : the updates were detected and installed with no further problem.
Unfortunately my 'fix' isn't one as I will have to do it again after each WP update.
Fixing this:
- At the minimum : If the update check fails (error 501 here) WP should NOT say there is no update, but display an error message to let the user know there may be updates available but that it could not check for it (displaying the error itself would be even better).
- Better :
Maybe this is due to the way WP connects to the server using the proxy, as SQUID should work with HTTPS POST (at least it does from my browser). It seems a similar problem is described in [http://www.perlmonks.org/?node_id=78114] and is due to the connection : apparently it should be : ''create TCP connection to proxy, send ""CONNECT xyz\r\n"", and only then establish SSL connection.''. If this can be fixed in proxy support for https (not sure this is the problem), that's the best solution.
- fast and unsecure fix: There could be a way (a wp-config var ?) to disable SSL when checking for updates but there are security implications as I assume SSL is used to confirm that the server is getting the updates from a legitimate WP server.
" manikb
Tickets Awaiting Review 18239 wp_ob_end_flush_all() hangs the output buffering, during plugin update/install Upgrade/Install 3.2.1 normal minor Awaiting Review defect (bug) new 2011-07-25T07:52:03Z 2015-07-17T15:39:42Z "Symptom: During plugin update process, the screen displays ""Downloading {plugin}"" then appears to hang.
System: Apache2 on LinuxMint-11
I traced the fault to the following function:
send_message() in /wp-admin/includes/misc.php
this function writes out the message, then tries to flush
the buffers by calling wp_ob_end_flush_all()
the mechanism of the ob_flush is to repeatedly call ob_end_flush until there is no more levels.
On the default configuration of LinuxMint / Debian, zlib.output_compression is ON, and this interferes with ob_end_flush
Based on notes from php.net, ob flushing is not necessary.
SOLUTION:
1) Either change php.ini to set zlib.output_compression to OFF, or
2) shortcircuit the wp_ob_end_flush_all() by adding an immediate return to the first line.
RECOMMENDATION:
In future versions of Wordpress, the interaction between ob and zlib should be studied carefully to derive the most universal solution.
" mamborambo
Tickets Awaiting Review 40006 $response var in comments not an array but an object Upgrade/Install normal normal Awaiting Review enhancement new has-patch 2017-03-01T15:22:21Z 2017-03-01T18:56:09Z "In the file [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/update.php#L418, wp-admin/includes/update.php] there is an action {{{ do_action( ""in_plugin_update_message-{$file}"", $plugin_data, $response ); }}}. The comments declares $response as an array but its and object containing the plugin data. The list of plugin data also seems somewhat incomplete. But I'm unsure if all fields I see are always present. The property ""tested"" seems useful to add at least.
" davidmosterd
Tickets Awaiting Review 42520 "A Dot at the end of message ""WordPress successfully updated"" is missing" Upgrade/Install 4.9 normal normal Awaiting Review enhancement new has-patch 2017-11-12T16:10:18Z 2017-11-12T17:23:27Z "The Original String ""WordPress successfully updated"" is missing a dot at the end of the sentence. See:
https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-automatic-updater.php?marks=349#L349
https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/update-core.php?marks=1258#L1258
https://core.trac.wordpress.org/browser/trunk/src/wp-admin/update-core.php?marks=510#L510
We have a dot at the end of each message which informs about a successful update. Here are simular text strings, that all have a dot at the end:
https://translate.wordpress.org/projects/wp/dev/admin/de/default?filters%5Bterm%5D=wurde+erfolgreich+aktu&filters%5Buser_login%5D=&filters%5Bstatus%5D=current&filter=Filter&sort%5Bby%5D=references&sort%5Bhow%5D=desc
" transl8or
Tickets Awaiting Review 42448 Add 'upgrader_pre_unpack' hook Upgrade/Install normal normal Awaiting Review enhancement new has-patch 2017-11-06T21:38:50Z 2017-11-19T15:53:27Z The `WP_Upgrader` class provides several hooks that can be used to modify the upgrader process. There is an `'upgrader_pre_download'` hook, for example. But there is no hook that fires after download but before the package is unpacked. It would be nice to add such a hook, which for example could be used to verify a package's signature, or override the unpacking code entirely. jdgrimes
Tickets Awaiting Review 36612 Add Ratings into the Add New Theme page Upgrade/Install normal normal Awaiting Review enhancement new 2016-04-21T06:37:10Z 2017-10-10T09:09:39Z "Currently when searching for themes, we display the average rating but no link or ability to view what those reviews are.
We should provide a way to view ratings when previewing the theme in the installer.
I don't have a UI in mind for this, or an idea where it'd fit, but without it the average rating of the theme is a little ""magic"" as there's no way to see why it's rated that way." dd32
Tickets Awaiting Review 34986 Add Upgrade Notice for Themes Upgrade/Install normal normal Awaiting Review enhancement new has-patch 2015-12-10T17:19:17Z 2016-02-06T04:30:48Z "There is upgrade notice for plugins that displays on the core update page if `$transient->upgrade_notice` is set in the `pre_set_site_transient_update_{plugins|themes}` filter, but there is no corresponding upgrade notice used or available for themes.
I propose adding a similar usage for themes as currently exists for plugins.
Use case, when theme upgrades are pending a notice of what changes, etc. will be available from the main update page." afragen
Tickets Awaiting Review 37640 Add WPLANG to `.maintenance` Upgrade/Install 4.0 normal normal Awaiting Review enhancement new 2016-08-12T05:37:25Z 2016-08-12T08:35:19Z "Currently, maintenance display is English.
This will be WPLANG definition is deprecated in version 4.0 or later, I think that it is due to the fact that now is not the translation information of each language is loaded at the time of the maintenance display.
I think the problem can be solved by adding a WPLANG defined in `.maintenance` that is created at the time of maintenance.
*Currently(/wp-admin/includes/update-core.php : line936)
{{{
$maintenance_string = '';
}}}
*Change
{{{
$language = get_option( 'WPLANG' );
if ( $language ) {
$maintenance_string = '';
} else {
$maintenance_string = '';
}
}}}
Please consider this matter." tmatsuur
Tickets Awaiting Review 22377 Add filter to wp_update_plugins() rmccue Upgrade/Install 3.4 low minor Awaiting Review enhancement assigned has-patch 2012-11-07T12:01:26Z 2015-12-03T18:50:54Z "'''Background'''
Certain plugins (paid plugins, etc) may not wish to use WordPress' built-in
upgrading functionality. As such, they may implement their own update checking
code. WordPress' code runs every 12 hours via wp-cron, so hooking into the
native system for checking would be the best way to avoid duplicating tonnes of
code.
'''Problem'''
Currently, filtering this result is somewhat unintuitive. There are no filters
in `wp_update_plugins()` to filter the result of the API call, so you have to
fall back to `pre_set_site_transient_update_plugins`. WordPress, however, sets
this transient twice,
[https://core.trac.wordpress.org/browser/trunk/wp-includes/update.php?rev=21996#L193 once before updating] ""to prevent multiple blocking requests if request hangs""
and then once afterwards with the actual result.
This is only a minor inconvenience, but it appears to be somewhat fragile.
Ensuring that a plugin's custom code doesn't run on the first `set_transient()`
requires setting a flag, and this is prone to breaking if `wp_update_plugins()`
changes internally.
'''Solution'''
Introduce a new filter to change the API result before saving. This filter
should only run once, with the actual result of the API call.
Patch attached." rmccue
Tickets Awaiting Review 31744 All PHP files in the root should be dummy files, pointing to wp-includes versions Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2015-03-24T01:25:03Z 2017-02-06T12:33:46Z "I'm proposing that all of our PHP files in the WordPress root should be moved to `wp-includes`, and dummy versions put in the root that include the `wp-includes` versions of them.
This will make things cleaner, and will open the door for us to do things like install a new version of WordPress in `wp-includes-8fb24cd9`, and pass a `?use-wp-includes=8fb24cd9` switch that loads that version. We could test the updated version of WordPress without touching the old version, and if it fails (WSOD, etc), we don't even have to roll back, because we haven't put the new version in `wp-includes` yet." markjaquith
Tickets Awaiting Review 37130 Auto-download language packs when installing manually Upgrade/Install low minor Awaiting Review enhancement new 2016-06-20T09:08:17Z 2016-06-20T09:08:17Z "Themes and plugins can be downloaded from Rosetta sites (locale.wordpress.org). When they're downloaded, they are only available in English and whatever locale packages a theme/plugin author has decided to ship. They do not include language packs made available from translate.wordpress.org.
As a result, if I download a plugin from the German plugin directory and manually install it, even if it's fully translated into German and a language pack is available, I won't see the interface in German. Thus, this ticket.
On manual install, we should check for an available language pack and auto-download the language pack." samuelsidler
Tickets Awaiting Review 42376 Beta Download/Install capabilities with Plugins & Themes Upgrade/Install normal normal Awaiting Review enhancement new 2017-10-30T02:15:53Z 2017-10-30T14:32:08Z "Either by Authors choice, or using Beta tag with Semantic Versioning. Plugins & Themes could be able to released as beta versions as an option to Webmasters. Currently, there are few concepts that come to mind.
* Notice in Installed Plugins screen with action to allow updating to a beta.
* Notice (or a list of beta plugins) in the Updates screen.
* WP setting to Opt-in to Betas.
NOTE: Admin Safety might need consideration with extra measures to prevent accidentally installing.
With Developers/Authors, the option would primarily be based on the stable tag, and ( the most beta in tags folder, OR beta tag added ). As well as using a (alpha) beta tag, but brings into question other recent versions with no beta tag.
The purpose could be intended as either a hotfix or a test version. In the past, the availability of beta testers has been very small, and to try to make updates more preemptive.
" EkoJr
Tickets Awaiting Review 28845 Better error messages when uploading theme as plugin and vice versa Upgrade/Install normal normal Awaiting Review enhancement new 2014-07-11T22:36:14Z 2015-12-03T16:37:00Z "When uploading a plugin package in the theme upload section, you will get an error message like:
{{{
Unpacking the package…
Installing the theme…
The package could not be installed. The theme is missing the style.css stylesheet.
Theme install failed.
}}}
You get a similar message when you try uploading a theme as a plugin.
Because a plugin or a theme package is detectable, the error message should be more helpful. It should point the user where to go to upload the package.
Ideally, we could just detect have the package installed anyone as the correct package type; however, for now, improved messaging could be really helpful." tollmanz
Tickets Awaiting Review 43242 Do not propose users to skip a minor upgrade Upgrade/Install 4.9.3 normal normal Awaiting Review enhancement new has-patch 2018-02-07T07:50:22Z 2018-02-07T10:47:20Z "1) When having a non-US installation and a new version of WP gets proposed, the text is indicating 'You can skip upgrading if you want to keep your current translation'. I think it's a bad idea to tell people they can skip upgrading.
Most probably it would be better to indicate that there might be temporarily some translation issues if the translation files are not immediately available.
2) The button says 'Hide this update', the text says 'skip'. Probably better to harmonize (if these are linked, which I think they are)." casiepa
Tickets Awaiting Review 28376 Improve error message seen by user in update.php Upgrade/Install 3.9.1 normal normal Awaiting Review enhancement new 2014-05-27T15:33:57Z 2017-11-02T13:40:23Z "Line 117 of update.php
{{{
$response = wp_remote_post( $url, $options );
if ( $ssl && is_wp_error( $response ) ) {
trigger_error( __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.' ) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ), headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE );
$response = wp_remote_post( $http_url, $options );
}
}}}
The message ""Something may be wrong with WordPress.org or this server's configuration. If you continue to have problems, please try the support forums"" could be better. Right now if wordpress.org is up (which code can check?) then the problem is with their host. If they post to the Support forums there is no easy answer there.
While there is a solution to this mentioned in #27091 that solution is not suitable for most users.
I would suggest a longer timeout and a message that they could copy to their webhost to assist the host if a connection is being blocked." podz
Tickets Awaiting Review 41597 Language pack download requires too broad file system permissions Upgrade/Install 4.9 normal normal Awaiting Review enhancement new 2017-08-09T17:27:54Z 2017-08-11T06:28:34Z "Language packs are installed into `wp-content/languages` directory. The problem is, even if the directory exists, and WordPress is allowed to create files there, it is still required to:
* for WordPress to have permissions in the `wp-content` directory. This is because `$upgrader->fs_connect()` is called with an array of two directories – `WP_CONTENT_DIR` and `WP_LANG_DIR`, and `fs_connect()` only checks the permissions to the first one.
* for WordPress to have the exact file owner for the `wp-content` directory. Cause - `wp_can_install_language_pack()` calls `fs_connect()` wihout `$allow_relaxed_file_ownership`
I think languages, downloaded from a known source, should not require such a draconian measures. Instead, WordPress should successfully download and install languages if it can write to `wp-content/languages` directory (and not require ownership permissions for either `wp-content` or `wp-content/languages`." kpumuk
Tickets Awaiting Review 34907 List for translation updates Upgrade/Install 4.3.1 normal normal Awaiting Review enhancement new 2015-12-08T10:45:51Z 2015-12-08T11:33:55Z "If updates are available you have the overview at /wp-admin/update-core.php. There you can see updates for themes and plugins and you have a list for these updatable items.
If there are updates for translations there is only a button, that updates are available, but there is no list or information which translations will be updated.
It would be fine to have a list as it exists for themes and plugins." Giede
Tickets Awaiting Review 37484 Make form in request_filesystem_credentials() in line with WP admin form styling / HTML structure / security Upgrade/Install normal normal Awaiting Review enhancement new 2016-07-27T12:57:10Z 2016-12-03T23:25:18Z "Currently, the `Connection Information` form output by `request_filesystem_credentials()` looks very sad and doesn't reflect the admin form HTML structure and style.
This is how it looks: [attachment:""Screen Shot 2016-07-27 at 13.41.52.png""]
It would be great if it can be standardised to look like WP admin settings UI, i.e. [attachment:""Screen Shot 2016-07-27 at 13.41.23.png""]
While at it, it would be great to secure the form code with escape family functions (esc_attr, esc_html and so on)." dashaluna
Tickets Awaiting Review 35016 New plugin version in upgrader object Upgrade/Install 4.4 normal normal Awaiting Review enhancement new 2015-12-11T16:11:53Z 2016-09-29T08:35:35Z "The current upgrader object only has the ''old'' plugin version ({{{->skin->plugin_info['Version']}}} unless you parse out the source URL.
{{{
Plugin_Upgrader Object
(
[result] => Array
(
[source] => Q:/dev/webspec-design/wp-content/upgrade/types.1.8.11/types/
[source_files] => Array
(
[0] => admin.php
[1] => classes
[2] => embedded
[3] => help.php
[4] => includes
[5] => marketing
[6] => marketing.php
[7] => plus
[8] => readme.txt
[9] => resources
[10] => wpcf.php
[11] => wpml-config.xml
)
[destination] => Q:\dev\webspec-design/wp-content/plugins/types/
[destination_name] => types
[local_destination] => Q:\dev\webspec-design/wp-content/plugins
[remote_destination] => Q:/dev/webspec-design/wp-content/plugins/types/
[clear_destination] => 1
)
[bulk] => 1
[strings] => Array
(
[skin_upgrade_start] => The update process is starting. This process may take a while on some hosts, so please be patient.
[skin_update_failed_error] => An error occurred while updating %1$s: %2$s
[skin_update_failed] => The update of %1$s failed.
[skin_update_successful] => %1$s updated successfully. Show Details
[skin_upgrade_end] => All updates have been completed.
[skin_before_update_header] => Updating Plugin %1$s (%2$d/%3$d)
[bad_request] => Invalid Data provided.
[fs_unavailable] => Could not access filesystem.
[fs_error] => Filesystem error.
[fs_no_root_dir] => Unable to locate WordPress Root directory.
[fs_no_content_dir] => Unable to locate WordPress Content directory (wp-content).
[fs_no_plugins_dir] => Unable to locate WordPress Plugin directory.
[fs_no_themes_dir] => Unable to locate WordPress Theme directory.
[fs_no_folder] => Unable to locate needed folder (%s).
[download_failed] => Download failed.
[installing_package] => Installing the latest version…
[no_files] => The package contains no files.
[folder_exists] => Destination folder already exists.
[mkdir_failed] => Could not create directory.
[incompatible_archive] => The package could not be installed.
[files_not_writable] => The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.
[maintenance_start] => Enabling Maintenance mode…
[maintenance_end] => Disabling Maintenance mode…
[up_to_date] => The plugin is at the latest version.
[no_package] => Update package not available.
[downloading_package] => Downloading update from %s…
[unpack_package] => Unpacking the update…
[remove_old] => Removing the old version of the plugin…
[remove_old_failed] => Could not remove the old plugin.
[process_failed] => Plugin update failed.
[process_success] => Plugin updated successfully.
[process_bulk_success] => Plugins updated successfully.
)
[skin] => Bulk_Plugin_Upgrader_Skin Object
(
[plugin_info] => Array
(
[Requires WP] =>
[Requires PHP] =>
[GitHub Plugin URI] =>
[GitHub Branch] =>
[GitHub Enterprise] =>
[GitHub CE] =>
[Bitbucket Plugin URI] =>
[Bitbucket Branch] =>
[Bitbucket Enterprise] =>
[Bitbucket CE] =>
[GitLab Plugin URI] =>
[GitLab Branch] =>
[GitLab Enterprise] =>
[GitLab CE] =>
[Name] => Types
[PluginURI] => http://wordpress.org/extend/plugins/types/
[Version] => 1.8.10
[Description] => Define custom post types, custom taxonomies and custom fields.
[Author] => OnTheGoSystems
[AuthorURI] => http://www.onthegosystems.com
[TextDomain] =>
[DomainPath] =>
[Network] =>
[Title] => Types
[AuthorName] => OnTheGoSystems
)
[in_loop] =>
[error] =>
[upgrader] => Plugin_Upgrader Object
*RECURSION*
[done_header] =>
[done_footer] =>
[result] => Array
(
[source] => Q:/dev/webspec-design/wp-content/upgrade/types.1.8.11/types/
[source_files] => Array
(
[0] => admin.php
[1] => classes
[2] => embedded
[3] => help.php
[4] => includes
[5] => marketing
[6] => marketing.php
[7] => plus
[8] => readme.txt
[9] => resources
[10] => wpcf.php
[11] => wpml-config.xml
)
[destination] => Q:\dev\webspec-design/wp-content/plugins/types/
[destination_name] => types
[local_destination] => Q:\dev\webspec-design/wp-content/plugins
[remote_destination] => Q:/dev/webspec-design/wp-content/plugins/types/
[clear_destination] => 1
)
[options] => Array
(
[url] => update.php?action=update-selected&plugins=types%2Fwpcf.php
[nonce] => bulk-update-plugins
[title] =>
[context] =>
)
[plugin_active] => 1
)
[update_count] => 1
[update_current] => 1
)
}}}" eclev91
Tickets Awaiting Review 34676 Optimize bulk plugin updates Upgrade/Install 4.4 normal normal Awaiting Review enhancement new needs-unit-tests 2015-11-13T16:03:40Z 2017-08-07T16:22:12Z "When selecting more then one plugins to update the following things are done:
* Maintenance mode on (if -a- plugin is active)
* Per plugin:
1. Get plugin info
2. Download package
3. Unpack package
4. Install package
* Maintenance mode off
**Scenario:**
10 plugins require updates.
Only the last one is active = requires maintenance mode to be enabled.
Server might not have the best connection to WordPress.org or other plugin resource.
This means that the site will not be available during:
* Downloading of all plugins
* Unpacking of all plugins
* Installing of all plugins
This means at least (10*download request) + (10*unpacking) + (10*installing) = 30 actions.
Not including optional plugin info request * 10.
Also not including plugins that need to do delta's on tables or other upgrading scripts.
Though only one plugin actually required the site to not be available, which would be (1*installing) = 1 action.
**Ideal flow:**
* Download all packages
* Unpack downloaded packages
* Determine per plugin if maintenance is required
* Install plugin
* Disable maintenance if next plugin is not active
* Finally: disable maintenance if enabled
* Remove all unpacked packages and downloads
I can think of a performance argument to include the unpacking of packages in the maintenance mode because it might be a strain on the server, but functionally I don't think it should be.
As far as I can see the only file that this is effectively handled in is `class-wp-upgrader.php`." jipmoors
Tickets Awaiting Review 33287 Prompt the user before leaving during core upgrade Upgrade/Install 4.1.6 normal normal Awaiting Review enhancement new 2015-08-06T05:19:32Z 2015-08-06T09:34:54Z Yesterday I was updating a test site (from 4.1.x to 4.2.x) using update-core.php and I accidentally clicked 'back' button during installation, which aborted the update process when it wasn't finished yet. This resulted in breaking the site completely (call to undefined function wp() ). It could have been easily prevented by simple beforeunload prompt. helium-3
Tickets Awaiting Review 43160 Reduce wp-admin/update-core.php load time by half Upgrade/Install 4.9.2 normal normal Awaiting Review enhancement new 2018-01-25T23:10:13Z 2018-04-18T20:39:35Z "I had this problem where loading this page was taking over a minute.
It turns out that this is caused by premium plugins that makes remote calls to validate license and/or verify the existence of update.
My whole journey is documented here:
https://wordpress.org/support/topic/displaying-wp-admin-update-core-php-takes-about-50-secs/
There is not much that can be done about that but this can be mitigated a lot when you realise that wp_update_plugins() calls set_site_transient() twice and this is where the expensive hook calls are made.
So here is my attempt to improve the situation:
{{{
$ diff wp-includes/option.php{.orig,}
1721a1722,1759
> * Set/update the value of a site transient without calling the sometimes expensive hooks.
> *
> * This is particularly for the special case of wp_update_plugins() where set_site_transient() was called twice
> * and the first time was only for setting up the last_checked update_plugins option.
> *
> * @since 4.9.2
> *
> * @see wp_update_plugins()
> *
> * @param string $transient Transient name. Expected to not be SQL-escaped. Must be
> * 167 characters or fewer in length.
> * @param mixed $value Transient value. Expected to not be SQL-escaped.
> * @param int $expiration Optional. Time until expiration in seconds. Default 0 (no expiration).
> * @return bool False if value was not set and true if value was set.
> */
> function set_site_transient_nohook( $transient, $value, $expiration = 0 ) {
>
> $expiration = (int) $expiration;
>
> if ( wp_using_ext_object_cache() ) {
> $result = wp_cache_set( $transient, $value, 'site-transient', $expiration );
> } else {
> $transient_timeout = '_site_transient_timeout_' . $transient;
> $option = '_site_transient_' . $transient;
> if ( false === get_site_option( $option ) ) {
> if ( $expiration )
> add_site_option( $transient_timeout, time() + $expiration );
> $result = add_site_option( $option, $value );
> } else {
> if ( $expiration )
> update_site_option( $transient_timeout, time() + $expiration );
> $result = update_site_option( $option, $value );
> }
> }
> return $result;
> }
>
> /**
1767,1781c1805
< if ( wp_using_ext_object_cache() ) {
< $result = wp_cache_set( $transient, $value, 'site-transient', $expiration );
< } else {
< $transient_timeout = '_site_transient_timeout_' . $transient;
< $option = '_site_transient_' . $transient;
< if ( false === get_site_option( $option ) ) {
< if ( $expiration )
< add_site_option( $transient_timeout, time() + $expiration );
< $result = add_site_option( $option, $value );
< } else {
< if ( $expiration )
< update_site_option( $transient_timeout, time() + $expiration );
< $result = update_site_option( $option, $value );
< }
< }
---
> $result = set_site_transient_nohook( $transient, $value, $expiration );
$ diff wp-includes/update.php{.orig,}
68c68
< set_site_transient( 'update_core', $current );
---
> set_site_transient_nohook( 'update_plugins', $current );
}}}
" lano1106
Tickets Awaiting Review 33345 Remove blocking API requests for update checks Upgrade/Install normal normal Awaiting Review enhancement new 2015-08-11T23:07:13Z 2016-10-17T15:50:58Z "I'm getting pretty fed up with the blocking HTTP requests to `api.wordpress.org` in the admin area. Core, plugin, and theme update checks are all blocking and can happen on any admin screen once the corresponding transient expires.
These update checks should be converted to non-blocking requests, with an AJAX listener which polls the corresponding transients and displays the update count in the admin toolbar (and message in the footer) as necessary.
The Plugins screen can already be quite slow with a large number of plugins, and the plugin update check slows it down a ton. On the Plugins screen an AJAX listener should poll the corresponding transient and display the available plugin updates inline once it's completed, and toggle the ""Update Available"" tab (and its count) as necessary.
The AJAX listener only needs to be triggered if an update check has been triggered at the start of the page load.
Visiting the Updates screen would retain current behaviour." johnbillion
Tickets Awaiting Review 41970 Removed unused variable. Upgrade/Install normal normal Awaiting Review enhancement new has-patch 2017-09-25T08:04:52Z 2017-10-13T05:52:00Z "I have found wp_current_db_version variable not use in functions so need to remove this for improvement.
file locations :
https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/upgrade.php line no:1596" adnan.limdi
Tickets Awaiting Review 34116 "Rethink default install content like ""Sample Page"", etc." Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2015-10-01T14:30:09Z 2017-01-04T00:40:32Z "New installs of WordPress come built in with ""Sample Page"", a default blog post, and a built in comment.
I would like to propose that we rethink this content. In its current state, all it means is that any site owner needs to make some changes to their website, including either trashing or changing the sample page, editing the information in it and the sample blog post, and deleting the sample content.
IMO, there are a variety of steps I'd prefer to take, but I'll rank a few in terms of what I think have few consequences to options that may be more of a difficult sell.
1. Change the name of Sample page to ""About"". Nearly every website has an about page. It's a much better option in my opinion. It's even the recommendation of the current sample page.
2. Delete the sample comment on Hello World altogether. People get web comments, this just has to be trashed on all new installs.
3. Change the status of ""Hello World"" to draft. It's not ready to publish, so let's not make it published.
4. Change ""uncategorized"" to ""general"" or something that's not so awful. (I know this has been discussed elsewhere a good bit but I'd be sad to not mention it)
Currently the sample content is used as a defacto new user walkthrough. I would rather see proper new user onboarding, personally. But even if that's a step too far, I'd like to make some of these changes to the default content. Numbers 1 and 2 feel particularly doable to me, and 3 and 4 would be really nice additions." krogsgard
Tickets Awaiting Review 35530 "Style and upgrade ""Briefly unavailable for scheduled maintenance. Check back in a minute."" page" Upgrade/Install normal normal Awaiting Review enhancement new 2016-01-19T19:01:42Z 2018-01-10T23:44:54Z "While ideally it would not be shown except briefly, the current display of the ""Briefly unavailable for scheduled maintenance. Check back in a minute."" feels very unprofessional and generic. Perhaps we should consider dropping the message into some output similar to the readme.html file.
Thoughts?
Concerns?" tw2113
Tickets Awaiting Review 34610 Unify Add plugin with Add theme: load tabs through ajax Upgrade/Install 4.4 normal normal Awaiting Review enhancement new 2015-11-06T22:55:21Z 2016-06-26T11:12:26Z Make Add plugin page the same way as Add theme. So '''Upload plugin''' and tabs (features, popular ...) react without reloading whole page. petercralen
Tickets Awaiting Review 22076 WP Upgrader: update_bulk_plugins_complete_actions and update_bulk_theme_complete_actions should pass information about all plugins/themes to the filter Upgrade/Install 3.0 normal normal Awaiting Review enhancement new 2012-10-02T07:56:19Z 2015-09-02T03:44:53Z "In class-wp-upgrader.php, line 1214 there is this line:
{{{
$update_actions = apply_filters('update_plugin_complete_actions', $update_actions, $this->plugin);
}}}
When adding a filter to it like this:
{{{
add_filter('update_bulk_plugins_complete_actions','test_filter',99,2);
function test_filter( $update_actions, $plugins ) {
echo print_r( $plugins, 1);
return $update_actions;
}
}}}
Only the last updated plugin info will be printed. However, it should contain information about all the plugins that were updated (since we are dealing with a bulk upgrade here)." ragulka
Tickets Awaiting Review 38946 WP_Upgrader: Protection against deleting files in destination directory Upgrade/Install normal normal Awaiting Review enhancement new has-patch 2016-11-26T09:12:52Z 2017-11-07T15:26:12Z "While creating a plugin I have to upload zip file and extract it in the custom destination directory with its inside main folder name just like how Theme_Upgrader and Plugin_Upgrader does.
While extending the class `WP_Upgrader` and using method `install()` like this:
{{{#!php
true,
);
$parsed_args = wp_parse_args( $args, $defaults );
$this->init();
$this->install_strings();
add_filter( 'upgrader_source_selection', array( $this, 'check_package' ) );
$this->run( array(
'package' => $package,
'destination' => WP_CONTENT_DIR . '/uploads/demo-packs',
'clear_destination' => false, // Do not overwrite files.
'protect_destination' => true, // Let me utilize this args in `install_package()` to fix this error, happy :)
'clear_working' => true,
'hook_extra' => array(
'type' => 'demo',
'action' => 'install',
)
) );
remove_filter( 'upgrader_source_selection', array( $this, 'check_package' ) );
if ( ! $this->result || is_wp_error( $this->result ) ) {
return $this->result;
}
return true;
}
}}}
Now always the zip file content are extracted into that destination directory but I want to index just like this where `{uploaded-zip}` is the zip file inside folder name:
`WP_CONTENT_DIR . '/uploads/demo-packs/{uploaded-zip}'`
And finally the detected issue is that the destination directory are no more protected just like theme and plugins directories does :)
{{{#!php
7.0.99-hhvm`
on [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/update.php#L107 this line] the null parameter makes the `http_build_query` return null, causing the ""please update!"" message of doom, changing it to false solves it." natostanco
Candidates for Closure 43433 mixed-content for install page stylesheets Upgrade/Install 4.9.1 normal normal Awaiting Review defect (bug) new reporter-feedback 2018-02-28T09:01:34Z 2018-03-20T15:13:30Z "I am trying to install wordpress 4.9.1 on my https website but the browser (chrome 64.0.3282.186 & firefox 58.0.2) gives me mixed-content error when loading wp-admin/install.php and the page looks broken.
after installing wordpress I cannot login with my given username and password and default page seems broken too" mimke
Candidates for Closure 40637 ticket #38024 remains unresolved. Are there plans to correct it in a future WordPress release? Upgrade/Install 4.7.4 normal normal Awaiting Review defect (bug) new close 2017-05-02T16:25:03Z 2017-06-06T07:05:23Z "This is a follow-up to #38024.
{{{
WordPress plugin updates failing – multiple causes
toggerybob
(@toggerybob)
17 seconds ago
Good morning.
This issue has been declared a WordPress issue by the Easy Updates Manager plugin. Can you please review and assist?
Many thanks.
—
Support » Plugin: Easy Updates Manager » Error: [fs_unavailable]
Error: [fs_unavailable]
Resolved toggerybob
(@toggerybob)
9 months, 3 weeks ago
Error with Easy Updates Manager. Started in the last 1 or 2 weeks. It’s happening on all of our websites. Error is:
—
WordPress site: http://www.hydrangeaokc.com/
The following plugins were successfully updated:
* SUCCESS:
UPDATE LOG
==========
Updating plugin:
The plugin is at the latest version.
Error: [fs_unavailable] Could not access filesystem.
—
Our web hosting provider, iPage indicates this is a problem with the plugin.
Can you please assist?
Many thanks.
https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/
Viewing 15 replies – 1 through 15 (of 18 total)
1
2
→
Plugin Author Matthew
(@kidsguide)
Volunteer Moderator
9 months, 3 weeks ago
What version of Easy Updates Manager are you using?
toggerybob
(@toggerybob)
9 months, 3 weeks ago
Version 1.36.1
Plugin Author Matthew
(@kidsguide)
Volunteer Moderator
9 months, 3 weeks ago
Version 1.36.1
That is not an Easy Updates Manager version. Are you using 6.1.8?
toggerybob
(@toggerybob)
9 months, 3 weeks ago
Dang! Sorry. I pulled the version from the wrong plugin. It’s running 6.1.8
toggerybob
(@toggerybob)
9 months, 3 weeks ago
For some undetermined reason, the Easy Updates Manager plugin is working again as of 8:30pm CST.
Any ideas?
Thanks again.
toggerybob
(@toggerybob)
9 months, 3 weeks ago
Now it’s having 1 success and 1 failure:
—
WordPress site: http://accoladelawns.com/
The following plugins were successfully updated:
* SUCCESS: All In One SEO Pack
* SUCCESS:
UPDATE LOG
==========
All In One SEO Pack
——————-
Updating plugin: All In One SEO Pack
Downloading update from https://downloads.wordpress.org/plugin/all-in-one-seo-pack.2.3.8.zip…
Unpacking the update…
Installing the latest version…
Removing the old version of the plugin…
Plugin updated successfully.
Updating plugin:
The plugin is at the latest version.
Error: [fs_unavailable] Could not access filesystem.
Thanks again.
toggerybob
(@toggerybob)
9 months, 3 weeks ago
And now failing all together again as of 7/13/2016 7:40am
WordPress site: http://corporategolfandgift.com/
The following plugins were successfully updated:
* SUCCESS:
UPDATE LOG
==========
Updating plugin:
The plugin is at the latest version.
Error: [fs_unavailable] Could not access filesystem.
Plugin Author Matthew
(@kidsguide)
Volunteer Moderator
9 months, 3 weeks ago
If you deactivate Easy Updates Manager does this still happen?
Plugin Author Ronald Huereca
(@ronalfy)
9 months, 3 weeks ago
I have a feeling that EUM is the symptom, not the cause. The error usually happens when WordPress can’t write to the filesystem.
All EUM does is allow the background updates to happen and WordPress sends out the debug errors.
toggerybob
(@toggerybob)
9 months, 3 weeks ago
I don’t get why it sometimes works and other times, not. If I deactivate the plugin, it won’t run at all.
Plugin Author Matthew
(@kidsguide)
Volunteer Moderator
3 months ago
@toggerybob
Sorry for the late reply. This error was related to WordPress and was fixed a few versions ago. If you are on the most recent version of WordPress and EUM then everything should work.
toggerybob
(@toggerybob)
3 months ago
@kidsguide
Awesome!
Thanks Matthew.
obliterator
(@obliterator)
1 month, 2 weeks ago
I’m getting the same error now using latest version of WP and EUM.
The notification email is conflicting:
The following plugins were successfully updated:
* SUCCESS: Wordfence Security
* SUCCESS:
UPDATE LOG
==========
Wordfence Security
——————
Updating plugin: Wordfence Security
Downloading update from https://downloads.wordpress.org/plugin/wordfence.6.3.4.zip…
Unpacking the update…
Installing the latest version…
Removing the old version of the plugin…
Plugin updated successfully.
Updating plugin:
The plugin is at the latest version.
Error: [fs_unavailable] Could not access filesystem.
toggerybob
(@toggerybob)
1 month, 2 weeks ago
Same for me, @obliterator. It’s sometimes due to a file permission issue or a specific plugin. EUM should not report the update as successful when it clearly is not.
obliterator
(@obliterator)
1 month, 2 weeks ago
Yes its quite confusing!
Now I’m not sure if its updated the plugin properly or not. WordPress indicates the plugin is the latest version but is that because EUM has just bumped the version number reference up? No way of knowing if its actually installed the updated plugin files. I’m hoping so!
Hope the author can get to the bottom of this. Happy to provide any logs/info to help.
I got a second email shortly afterwards with blank information:
The following plugins were successfully updated:
* SUCCESS:
UPDATE LOG
==========
Updating plugin:
The plugin is at the latest version.
Error: [fs_unavailable] Could not access filesystem.
In: Plugins and Hacks
18 replies
4 participants
Last reply from: toggerybob
Last activity: 7 minutes ago
4.5.3
Status:
Reply to Topic
Unsubscribe
Favorite
Topic Tags
EUM
file permission
filesystem
fs_unavailable
Ronald Huereca
(@ronalfy)
27 minutes ago
This is resolved because it is a WordPress bug, not an EUM one. EUM currently sends out zero emails. Everything you are geting is from WordPress itself.
}}}
Can you please assist?
Many thanks." toggerybob
Candidates for Closure 43492 Core Telemetry and Updates Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2018-03-07T20:37:53Z 2018-05-09T20:37:10Z "It has been discussed on the #gdpr-compliance and the question had made it's cycle around some other rooms with various replies as well occasionally but it's time to take a final decision.
When WordPress requests updates it sends more than enough data needed to actually perform the update.
We did a search a bit at some point to take a glimpse of the past and how all those got added in there and why but couldn't find anything specific.
There's already a way to modify the call through https://developer.wordpress.org/reference/hooks/core_version_check_query_args/ (and may be more as well) but the concept here is to have everything off by default and add a proper UI and opt-in for the Admins to select what exactly they want to send." xkon
Candidates for Closure 39641 "Idea: Move ""Updates"" from ""Dashboard"" to ""Tools""" Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2017-01-19T17:15:05Z 2017-01-20T19:59:15Z "When plugin/theme/core updates are available, a new submenu gets added to `wp-admin` for ""Updates."" IIRC, this location was picked because for a few reasons:
* Updates are important, so put them towards the top
* There is no ""Notification Center"" so this is the next best place
* This is the site communicating to the user, so ""Dashboard"" has a logical association
Revisiting this, having had this show up for myself recently, ""Dashboard"" suddenly felt... off...
* Updating software in other large projects is actually a bigger deal, with dedicated top-level sections for managing it all
* WordPress is logically progressing towards software updates being as invisible to the user as comfortably makes sense
* ""Dashboard"" shouldn't be a dumping ground for ""this has no other home"" type pages
* A ""Notification Center"" for individual users exponentially complicates how this interface works. Do ""global"" notifications exist? Does clearing it for one user clear it for all users? How do we re-check, without user-transients? Obviously, all of this is premature for this idea anyways...
So, this got me thinking about our other ambiguously named top-level-menu item: ""Tools""
* Upgrades and updates are technically tools being ran with a mostly-acceptable interface on top of them
* The ""Available Tools"" page is a pretty lonely place to be
* Plugins already have started putting their own tools in that tools menu, so why not core?
I'll attach a screenshot of a relocated submenu to help visualize, and please feel free to close this issue if the notion is premature or silly or whatever." johnjamesjacoby
Candidates for Closure 39364 Introduce a trigger to handle a custom queue job and run them Upgrade/Install 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-12-21T17:03:28Z 2017-11-07T14:13:11Z "While I was creating a plugin which imports theme demos. I have to utilize the `wp.updates` for AJAX way to import and delete the demo packs but unfortunately there are no any trigger which I can utilize to update the queue job for demo by using its action and data in `wp.updates.queueChecker`. As a fix I have introduced a trigger in a patch file :)
Any procedure to the extend self-executing anynonmous function `wp.updates.queueChecker` below with only trigger `$document.trigger( 'wp-updates-queue-job', job );` is much appreciated :)
{{{
( function( $, wp ) {
var $document = $( document );
wp = wp || {};
/**
* The WP Updates object.
*
* @type {object}
*/
wp.updates = wp.updates || {};
/**
* Sends an Ajax request to the server to delete a demo.
*
* @param {object} args
* @param {string} args.slug Demo Pack.
* @param {deleteDemoSuccess=} args.success Optional. Success callback. Default: wp.updates.deleteDemoSuccess
* @param {deleteDemoError=} args.error Optional. Error callback. Default: wp.updates.deleteDemoError
* @return {$.promise} A jQuery promise that represents the request,
* decorated with an abort() method.
*/
wp.updates.deleteDemo = function( args ) {
var $button = $( '.theme-actions .delete-demo' );
args = _.extend( {
success: wp.updates.deleteDemoSuccess,
error: wp.updates.deleteDemoError
}, args );
if ( $button && $button.html() !== wp.updates.l10n.deleting ) {
$button
.data( 'originaltext', $button.html() )
.text( wp.updates.l10n.deleting );
}
wp.a11y.speak( wp.updates.l10n.deleting, 'polite' );
// Remove previous error messages, if any.
$( '.theme-info .update-message' ).remove();
$document.trigger( 'wp-demo-deleting', args );
return wp.updates.ajax( 'delete-demo', args );
};
/**
* Updates the UI appropriately after a successful demo deletion.
*
* @typedef {object} deleteDemoSuccess
* @param {object} response Response from the server.
* @param {string} response.slug Slug of the demo that was deleted.
*/
wp.updates.deleteDemoSuccess = function( response ) {
wp.a11y.speak( wp.updates.l10n.deleted, 'polite' );
$document.trigger( 'wp-demo-delete-success', response );
};
/**
* Updates the UI appropriately after a failed demo deletion.
*
* @typedef {object} deleteDemoError
* @param {object} response Response from the server.
* @param {string} response.slug Slug of the demo to be deleted.
* @param {string} response.errorCode Error code for the error that occurred.
* @param {string} response.errorMessage The error that occurred.
*/
wp.updates.deleteDemoError = function( response ) {
var $button = $( '.theme-actions .delete-demo' ),
errorMessage = wp.updates.l10n.deleteFailed.replace( '%s', response.errorMessage ),
$message = wp.updates.adminNotice( {
className: 'update-message notice-error notice-alt',
message: errorMessage
} );
if ( wp.updates.maybeHandleCredentialError( response, 'delete-demo' ) ) {
return;
}
$( '.theme-info .theme-description' ).before( $message );
$button.html( $button.data( 'originaltext' ) );
wp.a11y.speak( errorMessage, 'assertive' );
$document.trigger( 'wp-demo-delete-error', response );
};
/**
* Pulls available jobs from the queue and runs them.
*/
wp.updates.queueChecker = function() {
var job;
if ( wp.updates.ajaxLocked || ! wp.updates.queue.length ) {
return;
}
job = wp.updates.queue.shift();
// Handle a queue job.
switch ( job.action ) {
case 'install-plugin':
wp.updates.installPlugin( job.data );
break;
case 'update-plugin':
wp.updates.updatePlugin( job.data );
break;
case 'delete-plugin':
wp.updates.deletePlugin( job.data );
break;
case 'install-theme':
wp.updates.installTheme( job.data );
break;
case 'update-theme':
wp.updates.updateTheme( job.data );
break;
case 'delete-theme':
wp.updates.deleteTheme( job.data );
break;
default:
break;
}
$document.trigger( 'wp-updates-queue-job', job );
};
})( jQuery, window.wp );
}}}
" shivapoudel
Candidates for Closure 20437 WP Upgrader filter to allow plugins to upload to existing directory Upgrade/Install 3.3.1 normal normal Awaiting Review enhancement new reporter-feedback 2012-04-13T16:52:30Z 2015-08-04T18:00:49Z "Our plugin for WP uses various elements of the WP upgrader class to manage plugins for our plugin. ;) This has worked great except when we went to extend it further and allow uploading of plugins through the WP Upgrader class much like you can with WP plugins.
The issue is that currently, the WP Upgrader class is coded to expect the upload destination to be empty - EXCEPT if the upload destination (the base directory) is one of these hard coded locations:
in_array( $destination, array(ABSPATH, WP_CONTENT_DIR, WP_PLUGIN_DIR, WP_CONTENT_DIR . '/themes') )
So since our plugin storage location is not one of those, it fails since there may already be some plugins there.
Sure would be nice if that array of locations that does not have to be empty (the important base dirs which allow dropping down a directory level)... a simple filter would accomplish this...
Hope its not too late in 4.3 for a simple filter..." usermrpapa
Candidates for Closure 41335 dbDelta() does not recognize MySQL's IF NOT EXISTS statement Upgrade/Install normal normal Awaiting Review enhancement new reporter-feedback 2017-07-15T12:24:51Z 2017-07-16T02:17:21Z "When a new table is creating with {{{IF NOT EXISTS}}} MySQL statement in query then array {{{$cqueries}}}(creational queries) will have invalid table names as keys.
The keys of the array use below in the function's code for fetch the table column structure in {{{DESCRIBE}}} statement.
Example query: {{{CREATE TABLE wp_delta_table...}}}
The extracted table name: wp_delta_table
Example query: {{{CREATE TABLE IF NOT EXISTS wp_delta_table...}}}
The extracted table name: IF" kmaxim
Tickets Needing Feedback 37860 Labels are misplaced with respect to text box. Upgrade/Install 4.6 normal normal Future Release defect (bug) new has-patch 2016-08-28T14:42:57Z 2018-04-26T20:17:45Z "On plugin-install.php and theme-install.php. Labels on favorites tab seem not aligned.
Labels and text box should appear same align.
" juhise
Tickets Needing Feedback 16156 update-core is oblivious to api.wp.org being unreachable Upgrade/Install normal normal Future Release defect (bug) new dev-feedback 2011-01-08T09:51:38Z 2015-10-01T03:32:20Z "A server running 3.0.4 had trouble reaching *.wordpress.org for some unknown reason. (This wasn't during the brief api.wp.org outage, and it worked otherwise.)
Problem is, update-core was completely oblivious to this. It's even worse when running 3.1, because the 'Check Again' button will refresh the page and tell you we last checked for updates *just now*.
Try Again or Check Again should reflect that the API is unreachable when this can be determined. Claiming that we checked for updates is also really lame, so we should see if the transient tells us how long it's been since the last one.
Side note, the plugin install et al. HTTP error messages are rather cryptic, and we should also make those more user friendly." nacin
Tickets Needing Feedback 24579 Add Drag'n'Drop UI to plugin and theme manual uploaders Upgrade/Install high normal Future Release enhancement new 2013-06-14T17:03:38Z 2017-10-04T20:19:38Z "We have this nice looking easy to use drag-n-drop UI for our media, is there anything stopping us from having it for our plugin and theme uploaders? I know most people use the search that goes through the .org repo, but it's foolish to think that's the only place people ever get their products. This would help facilitate a consistent user experience throughout the entire WP Admin.
Edit:
If possible, support multiple uploads too." tw2113
Tickets Needing Feedback 25219 DISALLOW_FILE_MODS shouldn't remove update notifications Upgrade/Install normal normal Future Release enhancement new 2013-09-02T20:09:11Z 2018-01-29T18:13:30Z "I think there are valid use cases where an admin would want to set `DISALLOW_FILE_MODS`, but still want to get the notifications when core/plugins/theme updates are available.
Instead of using the built-in updater, some installs are setup to use svn:externals (or Git submodules) for updates, and others prefer to use wp-cli. In those cases, it's still very useful to get the notifications, because without them an admin has to remember to manually check for updated. That inevitably leads to situations where important security updates are missed for weeks or months, which makes the site vulnerable.
I understand the logic behind removing the notifications -- because the admin can't actually take action on them through WordPress -- but I think that incorrectly assumes that the notices have no purpose if they can't be acted on from inside WordPress. The notifications are still very useful, even if the admin chooses a different method of actually installing the updates.
My proposed solution is to introduce new meta capabilities for `view_core_updates`, `view_plugin_updates`, and `view_theme_updates`. This would add some granularity to the current approach, so we could distinguish between being able to ''know'' that updates are available, and being able to ''install'' them.
The new meta caps would default to `manage_options`, so that all administrators could see them, regardless of `DISALLOW_FILE_MODS`. If that's undesirable, though, then they could map to their corresponding meta caps (`update_core`, etc) instead (and then be overridden via the `map_meta_cap` filter in order to enable the notifications)." iandunn
Tickets Needing Feedback 26879 Friendlier welcome when installing WordPress Upgrade/Install 3.0 normal normal Future Release enhancement reopened has-patch 2014-01-20T07:58:23Z 2017-10-02T16:13:56Z "When you first install WordPress, the very first interaction you have with WordPress is an error - by design.
The message is, ""There doesn't seem to be a wp-config.php file...."". The page title is ""WordPress > Error"". For new users to WordPress, this is an intimidating message suggesting that they have done something wrong.
This page hasn't been updated for a while. This ticket provides a more welcoming first page for new users.
Summary of Changes:
* Replaced error message with a more friendly message.
* Changes page title from ""WordPress > Error"" to ""Welcome to WordPress [version number]""
* Changed HTML div name from #error-page to #wp-welcome-page. Updated associated CSS.
* Added WordPress png and svg logo to top of page.
Please see attached screenshot of before and after.
" mrtortai
Tickets Needing Feedback 17451 Unify plugin update notices and include changelog data nacin* Upgrade/Install normal normal Future Release enhancement accepted dev-feedback 2011-05-16T09:23:25Z 2015-05-12T06:08:34Z "Currently the after_plugin_row hook is only used on plugins.php which is used by the Changelogger plugin to show plugin changelogs inline.
If the hook is also added to the bottom of list_plugin_updates in update_core.php then changelogs could also be displayed on that page too.
It's only a single line change so not sure how/if it's worth me attaching a patch for this?" dempsey
Tickets Needing Feedback 15101 Update Message Reduces User Orientation reg. WordPress Version Upgrade/Install 2.5 normal normal Future Release enhancement new has-patch 2010-10-12T12:06:13Z 2018-05-17T16:15:52Z "This is a usability issue many customers are telling me: When there is a WordPress update message, the current version is not prominent any longer.
Normally the current version is displayed in the admin's footer. If there is a (very promintent ""on top"") update message, this version information get's hidden in footer as well.
The only place where a user can find the current version is in some dashboard widget. That location is hard to find. And that location is hard to describe on the phone, e.g. in support.
I suggest to restore the current version display in the footer, because a footer is very easy to find and to describe by phone.
Additionally the update message on top should display the current version number as well. Something Like There is a new version available, you're currently running (should be 65%-70% of the width in english text of a 1024 width screen (970 or so viewport size) to allow this to be translated w/o consuming too much of the screen real estate)." hakre
Tickets Needing Feedback 9757 Allow Plugin/Theme updates from a uploaded .zip file. Upgrade/Install 2.8 high normal Future Release feature request new dev-feedback 2009-05-08T00:17:07Z 2018-04-12T20:54:30Z "Plugin administration lacks of an update possibility by uploading zip files. This feature is only half-done in 2.7, you can only upload plugins as zip to install them, not to update them.
Zip file uploads should be treated the same as the other install/update possibilities like remote.
#9708 provides a testcase that can be used to test such am update by zip.
currently a over-upload in the install page does throw an error that the directory already exists:
{{{
Installing Plugin from uploaded file: 9708-plugin-testcase-9708-plugin-a-v-0.2.zip
Unpacking the package.
Installing the plugin.
Destination folder already exists. [...]worpress-trunk/wp-content/plugins/9708-plugin-testcase/
Plugin Install Failed.
}}}
" hakre
Tickets with Patches 36823 """TypeError: wp.updates is undefined"" when installing a plugin" Upgrade/Install 4.9.2 normal normal Future Release defect (bug) reopened has-patch 2016-05-12T10:15:11Z 2018-01-22T14:04:40Z "When I install a new plugin that has a translation pack for my current language (which is not `en_US`), I get the following error:
> TypeError: wp.updates is undefined
> `if ( wp && wp.updates.decrementCount ) {`
Patch will follow soonish." tfrommen
Tickets with Patches 15729 Better UX after supplying incorrect information to setup-config kapeels* Upgrade/Install low normal Future Release defect (bug) accepted has-patch 2010-12-08T07:19:24Z 2015-09-02T02:27:00Z "In #15682 I added a 'Try Again' button to step 2 of setup-config.php if the credentials were incorrect.
The button is a simple link with a `javascript:history.go(-1)` hack. This should instead be a form with hidden values that submits back to setup-config.php?step=1, and fills out the form so they can try again.
Additional enhancement: If the prefix is malformed (can only contain letters, numbers and underscores), we do a wp_die(). We should again have a form with a 'Try Again' button that returns them.
As an added bonus, incorrect credentials should be filled out (for reference) but marked as incorrect and potentially with the focus set on that field.
Only caveat I can think of: This will require the use of esc_attr(), which we don't have access to yet. Not sure how to solve that without reverting to htmlspecialchars() with some extra work." nacin
Tickets with Patches 40966 Double clicking the Update plugins-button gives... interesting experience! swissspidy Upgrade/Install 4.6 normal normal Future Release defect (bug) assigned has-patch 2017-06-09T08:45:39Z 2017-09-27T08:57:05Z "Hi there,
I just updated to 4.8 on a bunch of sites and in one site I accidentally clicked the ""Update""-button multiple times. What then happened, was a rather weird experience: After the update of the plugins successfully completed, it did another run where all updates apparently failed.
I tried this on multiple 4.8-installs, all has the same behaviour, so I guess it's fairly easy to reproduce. I've also recorded a video:
http://d.pr/v/qmoc7E/5MFtrVpY.mp4
Steps to reproduce:
- Upgrade to 4.8.
- Go to ""Plugins"" » ""Updates available"" (you need at least a plugin that has updates ready for it)
- Select all update-ready plugins.
- Click the ""Update""-button. Then click it again.
- Observe the table of plugins :-)
Kind regards,
Morten" bitnissen
Tickets with Patches 39593 Improve DocBlocks in class-automatic-upgrader-skin.php Upgrade/Install normal normal Future Release defect (bug) new has-patch 2017-01-15T15:45:03Z 2017-05-19T21:10:46Z "Missing DocBlock Description and wrong @param formatting in:
wp-admin/includes/class-automatic-upgrader-skin.php
public function feedback( $data )
" carl-alberto
Tickets with Patches 29022 Screen reader text (and link title) isn't updated when plugin update count is updated Upgrade/Install 3.9 normal minor Future Release defect (bug) new has-patch 2014-07-25T00:21:10Z 2016-09-26T17:55:39Z "When plugins and themes are updating the update count on the admin bar and admin menu update automatically.
The admin bar also has screen reader text associated with this button, which isn't updated - leaving the wrong text associated with the new update count." pento
Tickets with Patches 27669 Stale `db_version` value after update with external object cache Upgrade/Install 3.9 normal critical Future Release defect (bug) reopened has-patch 2014-04-04T13:00:53Z 2017-03-04T02:45:21Z "This is similar to #26173 but not quite the same.
My site runs trunk with the WordPress Beta Tester and Memcached plugins. The site just updated to [27916] and I'm getting the ""No Update Required"" loop which prevents any access to the admin area.
The `db_version` option in my database has been updated to the correct value (`27916`) but `get_option('db_version')` on any admin page returns a stale value (`26691`). Unlike #26173, the option has been updated with the correct value but the cache remains stale (instead of updating the option with a stale value).
On `/wp-admin/upgrade.php` the object cache is suspended so the non-stale value is returned, which results in the ""No Update Required"" message." johnbillion
Tickets with Patches 34149 Standardize wp-signup.php to also use search engine visibility text DrewAPicture Upgrade/Install normal normal Future Release defect (bug) assigned has-patch 2015-10-04T23:05:00Z 2016-03-17T08:55:45Z "In #27628, we standardized the installation screen to use the same search engine visibility text as the setting in Settings > Reading. We should also change over the text in wp-signup.php. Currently, the option reads as install did before:
{{{
Privacy:
Allow search engines to index this site.
[Yes] [No]
}}}
With Twenty Sixteen:
[[Image(http://f.cl.ly/items/1C2x3x2W0V0P1C2d3010/Screen%20Shot%202015-10-04%20at%205.03.20%20PM.png)]]" DrewAPicture
Tickets with Patches 25777 Two update nags shown in multisite if all blogs aren't updated before the next release Upgrade/Install 3.6.1 normal minor Future Release defect (bug) new has-patch 2013-10-30T19:24:46Z 2015-04-08T04:44:24Z "On a multisite install, the user can be shown two update nags (see attached screenshot). As you can see, one nag is asking the user to update to the latest version, while the other is asking them to upgrade their other sites. This happens on a site on the network that the user updated, but didn't update all of the other sites on the network. If the other sites don't get updated before the next release, they will be shown both nags.
The first nag is being shown by the `update_nag()` function ([http://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/update.php#L198 /wp-admin/includes/update.php#L198]), the second by `site_admin_notice()` ([http://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/ms.php#L606 /wp-admin/includes/ms.php#L606])." jdgrimes
Tickets with Patches 27365 Upgrader bulk_upgrade() functions do not return the correct data aaroncampbell Upgrade/Install 2.9 normal normal Future Release defect (bug) assigned has-patch 2014-03-11T22:20:28Z 2015-10-23T13:00:20Z "In the bulk_upgrade() function of Language_Pack_Upgrader, Plugin_Upgrader, and Theme_Upgrader the values returned are not set properly, resulting in very poor feedback from the function on success or failure.
For instance, take the following code sample from Plugin_Upgrader:
{{{#!php
$result = $this->run( array(
'package' => $r->package,
'destination' => WP_PLUGIN_DIR,
'clear_destination' => true,
'clear_working' => true,
'is_multi' => true,
'hook_extra' => array(
'plugin' => $plugin
)
) );
$results[$plugin] = $this->result;
}}}
Notice how the result is stored in the `$result` variable yet the `$results` variable, which is used as the return value, stores the `$this->result` variable. While the `$this->result` variable does contain some data, it's not very relevant as a return value for these functions. This issue causes a loss of most, if not all error feedback (I have yet to test every possible combination of result possibilities) and fails to provide any useful success condition responses. In most of my test cases, this issue results in each package having a response value of `null`.
This same issue can be found in the Language_Pack_Upgrader and Theme_Upgrader classes.
My solution is to simply change `$this->result` to `$result` as found in the supplied patch and as shown below:
{{{#!php
$results[$plugin] = $result;
}}}" chrisjean
Tickets with Patches 33053 download_url() includes query string in temporary filenames Upgrade/Install 4.2.1 normal normal Future Release defect (bug) new has-patch 2015-07-20T21:07:47Z 2017-02-21T09:19:34Z "When installing a theme update, I encountered an error traced back to the update file exceeding the Windows path\filename length limit. It turned out the root cause of this was that the download URL contained a query string with access key information, which was also being included in the filename of the temporary file created by $tmpfname = wp_tempnam($url); in the download_url() function.
In my case, for example, download URL was:
https://s3.amazonaws.com/marketplace-downloads.envato.com/files/140862862/enfold.zip?AWSAccessKeyId=*******************&Expires=1437422162&Signature=*****************-***********%3D&response-content-disposition=attachment%3B+filename%3Dthemeforest-4519990-enfold-responsive-multipurpose-theme-wordpress_theme.zip
which resulted in a temporary file called:
enfold.zipAWSAccessKeyId*******************Expires1437422162Signature*****************-***********-3Dresponse-content-dispositionattachment-3B-filename-3Dthemeforest-4519990-enfold-responsive-multipurpose-theme-wordpress_theme.tmp
rather than the expected enfold.zip
I would suggest that downloaded files should probably exclude any query string from the URL as the simplest method of resolving this issue, but will leave that to development team." Hyperopic
Tickets with Patches 7965 Database upgrade complete message should be an admin notice Upgrade/Install normal normal Future Release enhancement new has-patch 2008-10-25T18:53:28Z 2015-09-02T01:38:07Z When a database upgrade is complete we should just take you to the page you wanted to see and should an upgrade_complete admin notice instead of requiring another button click westi
Tickets with Patches 33932 Filters for Plugin/Theme Update Email Notifications ocean90 Upgrade/Install 3.7 normal normal Future Release enhancement reviewing needs-unit-tests 2015-09-20T04:51:05Z 2016-06-06T21:58:33Z "I've had several requests to enable core update emails, but disable emails for plugins/themes.
If this idea is approved, '''I would love to be the one to tackle this''' as I have yet to contribute to core.
Goal is to keep `send_core_update_notification_email` intact, but allow filters for both plugin/theme background update notifications.
Apparent use-case is a user wants core emails, but not plugin/theme emails. One filter rules them all currently from what I can see in the code-base.
Example use-case in the wild: https://wordpress.org/support/topic/for-on-the-wishlist?replies=8" ronalfy
Tickets with Patches 16216 Hide core updater if running an svn checkout Upgrade/Install normal normal Future Release enhancement new has-patch 2011-01-13T07:26:33Z 2015-10-08T17:54:07Z The logic with this patch is if you are running an svn checkout, do not display the core updater code and instead display a reminder. johnjamesjacoby
Tickets with Patches 17301 Keep the connection open when doing upgrades or long-running operations dd32 Upgrade/Install normal normal Future Release enhancement assigned has-patch 2011-05-02T06:27:39Z 2015-11-02T22:56:03Z "When we do long-running operations like upgrades-over-FTP, we may go a while without sending any data, which may cause the connection to be closed. We should investigate whether we can send some ""hey, still here"" dummy data down the pipe to keep the connection from being unceremoniously closed on us.
For example, Rackspace Cloud Sites runs behind load balancers that cut the connection after 30 seconds of no data. I was able to defeat it by manually flushing some dummy data like so:
{{{
\r\n"";
flush();
sleep( 1 );
}
echo ""DONE"";
}}}" markjaquith
Tickets with Patches 39309 Secure WordPress Against Infrastructure Attacks Upgrade/Install 4.8 normal critical Future Release enhancement reopened has-patch 2016-12-16T17:50:14Z 2018-03-13T17:52:58Z "(Similar to #25052 but much more focused on the implementation details)
== Background ==
Recommended reading:
1. http://seclists.org/oss-sec/2016/q4/478
2. https://www.wordfence.com/blog/2016/11/hacking-27-web-via-wordpress-auto-update/
3. https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers
Currently, if an attacker can compromise api.wordpress.org, they can issue a fake WordPress update and gain access to every WordPress install on the Internet that has automatic updating enabled. We're two minutes to midnight here (we were one minute to midnight before the Wordfence team found that vulnerability).
Given WordPress's ubiquity, an attacker with control of 27% of websites on the Internet is a grave threat to the security of the rest of the Internet. I don't know how much infrastructure could withstand that level of DDoS. (Maybe Google?)
The solution is to make the automatic update mechanism secure **even if the update server is totally owned up**. As published in the third link, the core elements of a totally secure automatic update system are:
1. Offline Cryptographic Signatures
2. Reproducible Builds
3. Decentralized Authenticity / Userbase Consistency Verification
4. Transport-Layer Security
5. Mirrors and Other Availability Concerns
6. Separation of Privileges
However, I'm mostly interested in 1, 2, and 3. I believe 4 is already implemented (if not, this just became a lot scarier).
== Proposed Solution ==
We're going to have to roll this out in phases, rather than all at once.
1. Offline Cryptographic Signatures
1. Decide on a digital signature algorithm and/or cryptography library to use.
2. Generate a keypair for the release managers to use.
3. Pin the public key in a major release (e.g. 4.8 or 4.9).
4. Add signature verification to the update process, but for the first release or two, **don't enforce it**. Just collect data until we're sure it works for everyone.
5. Enforce digital signatures. Then this is satisfied.
2. Reproducible Builds.
1. The update file should be easily reproduced by any end user.
2. The update file and update served by api.wordpress.org should be easily verifiable.
3. We wrote Pharaoh for auditing PHP Archives; something similar may be useful for WP updates: https://paragonie.com/project/pharaoh
3. Decentralized Authenticity / Userbase Consistency Verification
* See below.
4. Make plugin/theme updates secure.
Once core updates are secure, the next step is to allow plugin/theme developers to upload their own public keys which can be used to sign their own extensions.
If you want a reference implementation, we already have a working secure automatic update system built into CMS Airship (which is GPL 3):
* https://paragonie.com/blog/2016/05/keyggdrasil-continuum-cryptography-powering-cms-airship
* https://github.com/paragonie/airship/blob/master/src/Engine/Continuum.php
* https://github.com/paragonie/airship/blob/master/src/Engine/Keyggdrasil.php
=== Decentralized Authenticity ===
In CMS Airship, we're totally decentralized: Every Airship maintains its own record of every update file or new/revoked public key since its inception. (This is because CMS Airship aims for maximum security.)
For WordPress, I'm recommending a federated model instead, but the concepts are mostly the same:
1. Notaries (WordPress blogs or other services that opt in to hosting/verifying the updates) will mirror a Merkle tree which contains (with timestamps and signatures):
* Any new public keys
* Any public key revocations
* Cryptographic hashes of any core/extension updates
2. WordPress blogs will have a pool of notaries they trust explicitly. (This can be provided by your hosting provider, who runs the single source of truth for all their clients, so long as they themselves practice due diligence.)
3. When an update is received from the server, after checking the signature against the WP core's public key, they will poll at least one trusted Notary (send a challenge nonce, current timestamp, a checksum of the update file, and any other useful identifying metadata e.g. ""wp-core version 4.9.2""). The Notary will verify that the update exists and matches the checksum on file, and respond with a signed message containing:
* The challenge nonce
* The response timestamp
* Whether or not the update was valid
This will be useful in the event that the WP.org's signing key is ever compromised by a sophisticated adversary: If they attempt to issue a silent, targeted update to a machine of interest, they cannot do so reliably: To pull off their attack, they have to allow the Merkle tree (that is mirrored by every Notary) to record/broadcast evidence of their attack in order for it to succeed. So while targeted attacks may still be theoretically possible, it will no longer be possible to do them silently.
In addition to a security layer, it's a deterrent against the most sophisticated threats.
=== Securing Plugins and Themes ===
This will probably be the last piece tackled. Basically: Offer the same signing capabilities to theme/plugin developers that will already be in the hands of the core team.
This can be done piecemeal (i.e. optional field on WP.org that allows them to upload their public key, generated by some tooling we provide developers). We should incentivize packages that provide their own signature by, for instance, placing them higher in the listings and/or giving them an attractive and desirable UI element that says ""we're secure"".
If we one day reach near-100% coverage of the WP ecosystem with digital signing, we can discuss making it mandatory.
== Implementation Recommendations ==
Okay, this section is going to be technical so feel free to skip most of this if you're not into cryptography.
TL;DR - We need a libsodium polyfill, which Paragon Initiative Enterprises is willing to write for free if (and only if) the cost of an independent third party audit is covered by the community and/or the community's corporate sponsors.
=== Digital signatures ===
PHP, out of the box, only supports RSA signatures (via the OpenSSL extension), but doesn't support RSASSA-PSS+MGF1SHA256. PKCS1v1.5 padding is unacceptable.
It may be tempting to move towards something like ECDSA, but a mix of security concerns (the Sony ECDSA k-value reuse incident, invalid curve attacks against Weierstrass curves) makes us wary even of RFC 6979 (deterministic ECDSA).
We propose a standardized digital signature algorithm based on twisted Edwards curves. Namely, **Ed25519** or **Ed448** (EdDSA over the RFC 7748 curves).
=== Merkle Trees ===
The TrimmedMerkleTree in Halite is probably the best starting point: https://github.com/paragonie/halite/blob/master/src/Structure/TrimmedMerkleTree.php
Halite's Merkle tree implementations are based on the BLAKE2b hash function (a SHA3 finalist with great performance in software based on the ChaCha20 round function).
=== Checksums ===
One of the following algorithms should be used where ever a checksum is required:
* BLAKE2b
* SHA-512/256
* SHA-512/224
* SHA-384
At no point should MD5 or SHA1 be considered. SHA-256 and SHA-512 are vulnerable to length-extension attacks and are not recommended.
== Action Plan ==
First, if this plan is agreeable by WordPress's security team, we'll get to work on a libsodium polyfill that works as far back as PHP 5.2.4 (in the spirit of WordPress's backwards compatibility tradition).
Once that's finished, independently audited by cryptography experts, and released to the public, we'll work on getting the core cryptographically signed. This will require some additional tooling; the release managers will need to run a command to produce a valid signature of the update file before releasing it.
After core updates are signed and signatures are being verified, we'll build the decentralized verification layer.
Then, we can move forward with making everyone's plugins and extensions securely delivered." paragoninitiativeenterprises
Tickets with Patches 31532 Shiny Updates: Don't activate plugins with PHP errors pento Upgrade/Install normal normal Future Release enhancement assigned has-patch 2015-03-05T04:12:28Z 2016-12-14T11:56:56Z "Branched from #29820.
When we try to activate a plugin through shiny updates, we shouldn't do it if it causes PHP errors." pento
Tickets with Patches 25692 Update /info/ API endpoints Upgrade/Install 3.7 normal normal Future Release enhancement new has-patch 2013-10-25T01:57:10Z 2015-10-03T23:51:15Z "The `/info/` API endpoints need to be updated to use JSON encoding.
Previously: #25311" johnbillion
Tickets with Patches 14781 Allow upload of PHP files as plugin Upgrade/Install normal normal Future Release feature request new needs-unit-tests 2010-09-04T13:28:06Z 2017-08-25T20:03:06Z Currently allowed are only ZIP packages. Plugins that consist of a single PHP file are not supported. It would be handy if uploading a single PHP file is an option. hakre
Tickets with Patches 18289 Direct link to plugin installation should have admin chrome nacin Upgrade/Install normal normal Future Release task (blessed) reviewing has-patch 2011-07-29T06:02:19Z 2015-12-03T20:08:53Z "We should be able to provide a direct link to the page to install a plugin, based on the plugin's slug. This does it: wp-admin/plugin-install.php?tab=plugin-information&plugin=log-deprecated-notices. However, there's no admin chrome, no real indication which site you're on, and no name of the plugin.
If we're not loading that page inside an iframe request, it needs the admin around it, as well as a heading. Probably new styling too.
This would serve as a replacement for [http://coveredwebservices.com/wp-plugin-install/ Jaquith's bookmarklet], which broke in 3.2 (frame busting), as well as allow us to integrate a link on extend/plugins for plugin installation. Related, #16923, which is now closed." nacin
Unpatched Bugs 25819 """ms_files_rewriting"" site option is not created during upgrades" Upgrade/Install 3.5 normal normal Future Release defect (bug) new 2013-11-04T20:04:24Z 2016-04-14T05:30:00Z "While testing an upgrade for a MU era multisite install from 3.1.4 -> 3.6.1 I discovered that the ""ms_files_rewriting"" site option was not being created.
The attempt in `upgrade_network()`...
{{{
if ( $wp_current_db_version < 21823 )
update_site_option( 'ms_files_rewriting', '1' );
}
}}}
... is failing. I believe this has gone unnoticed since the default value is forced to `true` in wp-includes/ms-default-filters.php:
{{{
// If the network upgrade hasn't run yet, assume ms-files.php rewriting is used.
add_filter( 'default_site_option_ms_files_rewriting', '__return_true' );
}}}
" gradyetc
Unpatched Bugs 36887 Database upgrades should fail gracefully Upgrade/Install low normal Future Release defect (bug) new 2016-05-19T03:48:30Z 2016-05-19T05:26:43Z "Currently, `wp-admin/upgrade.php` and `wp_upgrade()` don't check that the database has actually upgraded properly, before returning a success message.
Making them fail gracefully would be nice." pento
Unpatched Bugs 27722 Don't fire a warning when the WP API timeouts — or do so properly. johnbillion* Upgrade/Install 3.7.1 normal normal Future Release defect (bug) accepted 2014-04-08T12:29:43Z 2016-10-31T14:41:42Z "At the time of writing, I'm systematically getting the following error from within the WP admin area's update core section:
{{{
An unexpected error occurred. Something may be wrong with WordPress.org or this server's configuration.
}}}
Two things bother me:
1. It only fires when SSL is used.
2. The raw_response content suggests a connection timeout.
I think the warning itself is of dubious merit. If we decide to keep it, it should be more explicit as to what is going on. And it should always fire, regardless of whether SSL is getting used or not…
A possible exception I'd make is when it's a request timeout — in that case WP should silently try again a few minutes later — without a warning or notice." Denis-de-Bernardy
Unpatched Bugs 26969 Incorrect WP path set when creating a new site with wp in a subfolder Upgrade/Install 3.0 normal normal Future Release defect (bug) reopened 2014-01-31T09:10:01Z 2015-10-13T03:46:41Z If you create a site at / with wp located in /wp/, the installer creates the site with example.com/wp as the home url instead of the expected example.com. Denis-de-Bernardy
Unpatched Bugs 36973 Update FTP credentials form design Upgrade/Install normal normal Future Release defect (bug) new 2016-05-30T09:27:42Z 2018-03-12T16:16:03Z "As reported by @melchoyce in https://github.com/obenland/shiny-updates/issues/100, the filesystem credentials dialog needs some love to improve accessibility and the overall design.
Here's how it could look like: https://cloudup.com/cnvj5NqMefR
Her notes:
1. Update modal style to bring more in-line with other wp-admin modals — like including an ""x"" for closing (even though there's also a cancel button)
2. Make ""Proceed"" primary
3. Also consider changing ""proceed"" to something more descriptive — maybe connect? Proceed might be okay, it's just such a weird-sounding word. Maybe switch the ""proceed"" in both the description and the button to ""continue.""
4. ""This password will not be..."" could stand to be decreased in size just a little and made a lighter grey, to match descriptions on the settings pages. At the very least, the line-height should decrease.
5. ""Authentication Keys"" is at the same level of hierarchy as the field labels. It should probably be bigger, since it's a header above the labels.
6. Additionally: the modal is really tall for mockup purposes, but would ideally be whatever height we normally max modals out at. Any content not visible because of height would be scrollable in the modal, like we do in others.
See also: #34376" swissspidy
Unpatched Bugs 14465 Update Plugins Hangs while displaying 'updating' Upgrade/Install 3.0 normal normal Future Release defect (bug) new 2010-07-30T07:45:17Z 2015-09-02T03:45:13Z "Hi,
Whenever I try to update a plugin the update plugins screen hangs indefinetly.
Example message while this is happening would be-
""The update process is starting. This process may take awhile on some hosts, so please be patient.
Enabling Maintenance mode…
Updating Plugin Link Library (1/1)""
The plugin ulitmately gets updated if I wait a minute or two but this page never refreshes.
I am running WP 3.0.1 but this happend on 3.0.0 as well.
My host is running
MySQL 5.0.90-community
PHP 5.2.13
and my browser is IE8." jamesfed
Unpatched Bugs 35536 WP_Upgrader goes too far up when enumerating parent paths on a network share Upgrade/Install 3.7 normal normal Future Release defect (bug) new 2016-01-19T22:43:29Z 2016-01-21T01:00:28Z "In `/wp-admin/includes/class-wp-upgrader.php`:
When `is_vcs_checkout()` is walking up parent folders, the behavior of `dirname()` causes WordPress to check for folders that couldn't possibly exist. For example, if ""inetpub-share"" was the name of a share on machine ""myserver"", the following folders might be searched for source control folders:
* `\\myserver\inetpub-share\wwwroot\.git`
* `\\myserver\inetpub-share\.git`
* `\\myserver\.git`
* `\.git`
Note that the last two are not even subfolders of `""inetpub-share"".` That is, the search should stop at `""\\myserver\inetpub-share\.git""` because `""inetpub-share""` should be considered a top-level folder.
Even more concerning is that checking for `""\\myserver\.git""` and `""\.git""` are very expensive operations in a network environment, which means that the upgrade logic takes a very long time or will time out.
My proposed remedy is to change this line:
{{{#!php
if ( $context_dir == dirname( $context_dir ) )
}}}
to
{{{#!php
if ( $context_dir == dirname( $context_dir )
|| (substr($context_dir , 0, 2)=='\\\\' && strpos(dirname( $context_dir ), '\\', 2)===false)
}}}
Thoughts?" vfs_hobbes
Unpatched Bugs 35217 WP_Upgrader: writes temporary directory name to plugin folder if zip doesn't have directory Upgrade/Install 4.4 normal normal Future Release defect (bug) new 2015-12-24T15:59:57Z 2016-03-05T20:00:43Z "The issue described in ticket:30945 occurs now in 4.4 as well.
If you serve a plugin zip with the files in the root directory it writes the plugin to the directory including the random string generated by {{{wp_tempnam}}} in file.php. This did not happen in 4.3.
This means this will occur with every plugin not having a directory in the ZIP itself.
In the mentioned ticket it is stated WP expects a plugin to have a directory name. Then why is the plugin upgrader checking if there are multiple files? In this case wouldn't it be better to gracefully return an error?
This block is in class-wp-upgrader.php :
{{{#!php 450 //Locate which directory to copy to the new folder, This is based on the actual folder holding the files.
451 if ( 1 == count( $source_files ) && $wp_filesystem->is_dir( trailingslashit( $args['source'] ) . $source_files[0] . '/' ) ) { //Only one folder? Then we want its contents.
452 $source = trailingslashit( $args['source'] ) . trailingslashit( $source_files[0] );
453 } elseif ( count( $source_files ) == 0 ) {
454 return new WP_Error( 'incompatible_archive_empty', $this->strings['incompatible_archive'], $this->strings['no_files'] ); // There are no files?
455 } else { // It's only a single file, the upgrader will use the folder name of this file as the destination folder. Folder name is based on zip filename.
456 $source = trailingslashit( $args['source'] );
457 }
}}}
The first condition happens on 'wrong' plugin formats, resulting in a faulty plugin directory (with temp string) in the plugins dir. The last condition is the one that always should be expected when the root of the plugin zip is a directory.
" basszje
Unpatched Enhancements 5235 Add Pre-flight checks to install pishmishy* Upgrade/Install normal normal Future Release enhancement accepted 2007-10-19T17:37:56Z 2017-07-02T20:12:11Z "It would be nice for the installer to do some pre-flight checks and warn the users of things that will stop WordPress working (either completely or partially)
Candidates for the pre-flight checks:
* Functions which may be disabled - See #3014
* Memory limit #5235
" westi
Unpatched Enhancements 41270 Allow deletion of plugins or themes from the Updates screen Upgrade/Install normal normal Future Release enhancement new 2017-07-07T18:59:05Z 2018-01-06T17:03:06Z "A suggestion from @matt on a recent [https://make.wordpress.org/core/2017/06/20/dev-chat-agenda-for-june-21st-4-8-1-week-1/#comment-32735 dev chat update thread]:
> Sometimes when you get an update notice for something, you realize you don’t need it. (Like old twenty* themes.) Ability to delete a plugin or theme from the updates screen, instead of updating it." melchoyce
Unpatched Enhancements 35002 Attempt to set executable bits for core directories Upgrade/Install normal normal Future Release enhancement new 2015-12-11T03:06:49Z 2015-12-23T00:50:30Z "I just diagnosed a problem with a site where `wp-includes` was `744` rather than `755`, missing the executable bit and thus preventing CSS/JS from being served.
Suexec was being used, so we should have had the ability to set the executable bit if we had ever noticed this was a problem.
This happened on an existing site, so I'm not entirely sure when we'd fix this. `wp-admin/maint` script? DB upgrade process? Core file update process? I'm not sure what caused this here, which would probably play into how to best account for it. (Wordfence was on the site, could have been related.)
I asked @pento about this and he said ""One less insane error to deal with is always a nice thing.""" nacin
Unpatched Enhancements 27814 Automatic updates should not be silently disabled if I have .hg in file system root Upgrade/Install 3.7 normal normal Future Release enhancement new 2014-04-15T09:17:56Z 2015-12-03T17:32:43Z "My WordPress does not apply updates automatically, although it is told to via define('WP_AUTO_UPDATE_CORE', 'minor');. WordPress did not send any mail with an error report, so I had no idea how to debug that issue. I then found http://wordpress.org/plugins/background-update-tester/ which told me that all conditions pass except for
{{{
FAIL: The folder / was detected as being under version control (.hg).
}}}
'''What?''' Yes, indeed, I am managing system configuration files via Mercurial. The repo is placed in the root of my file system. This is *'''completely'''* unrelated to my WordPress installation.
I see the rational (http://make.wordpress.org/core/2013/09/24/automatic-core-updates/):
{{{
If the install is running as a SVN or GIT checkout, automatic updates are disabled
}}}
But the way it is currently detected is in my opinion strongly over-generalized:
{{{
It looks for .svn, .git, .hg, and .bzr folders in ABSPATH, and every directory above that up to /
}}}
It is fine if WordPress makes assumptions about its own eco system. However, the current implementation assumes that any DVCS placed in any directory when going up the file system hierarchy up to the root is controlling WordPress. What is this assumption based on? That WordPress should be the only thing running on a Linux box? :-) Seriously, this is not a good way to detect if the current ""''install is running as a SVN or GIT checkout''"".
I think everybody agrees that I should not be forced to get rid of my system configuration repository in order to make automatic updates work again. I think WordPress should change this behavior.
What are other good ways of determining ""if the install is running as a SVN or GIT checkout""? One could also question the rational behind this: ''If it is a SVN/GIT/... checkout then *'''most likely'''* it is a development version and the developer *'''most likely'''* does not want automatic updates to be enabled?'' Too many assumptions in this for my taste, even if we could reliably determine whether the current WP installation is a DVCS checkout.
Could that whole thing be done more explicitly?
What would be a quick workaround for me, if I really want to have automatic updates without getting rid of /.hg?
" jgehrcke
Unpatched Enhancements 12671 Installer page doesn't check if MySQL tables were created successfully Upgrade/Install 2.9.2 normal normal Future Release enhancement assigned 2010-03-22T17:47:33Z 2015-12-29T21:33:03Z "When running the web-based setup script - My Mysql user didn't have create permissions so no tables were created but the message (underneath all the MySQL errors) said setup was successful.
I think it would be worth doing a check for no MySQL errors before proclaiming the installation a success." thedotproduct
Unpatched Enhancements 14393 Maintenance mode overkill. Please refine usage of it Upgrade/Install normal normal Future Release enhancement new 2010-07-22T22:12:14Z 2017-03-18T14:52:11Z "Though many tickets have been posted about the Maintenance Mode not resolving, I think that the problem is on a different level.
It is unacceptable that even a failed upgrade of an inactive theme can break a complete Site or even Network. Case in point: I just followed the upgrade alert for an inactive theme, hosted on the WordPRess theme repository.
(Apparently it had an error (Incompatible Archive. PCLZIP_ERR_BAD_FORMAT (-10) : Unable to find End of Central Dir Record signature.) But the point is, this should not have put the entire network in maintenance mode for 10 minutes.
Maybe a check can be done for plugins, themes etc: if they are active, then maintenance mode can be used (though I am definitely not a fan of it anyway)." bike
Unpatched Enhancements 11869 Multisite upgrade notice at wpmu-upgrade-site.php isn't steadily visible. Upgrade/Install 3.0 normal minor Future Release enhancement new 2010-01-11T22:03:14Z 2017-04-23T20:39:16Z "When upgrading (Site Admin > Upgrade) wordcamp.org, it started upgrading each site and flashing a list of 5 sites at a time that had been upgraded (too quickly to really be read beyond the first item in each list). When it flashed through all the screens, it showed ""All done!"" and nothing else.
Preferred UX would be to list the sites in order as they are upgraded but in a single persistent list rather than in flashing batches of five, and to show the all-done message on the same screen, with the list of everything that has been upgraded. It would be good to have the text appear at bottom of list (in sequence) but to also drop in an alert message at top of screen. " jane
Unpatched Enhancements 30559 Plugins and themes translations aren't downloaded when language is changed Upgrade/Install normal normal Future Release enhancement new 2014-11-30T21:48:12Z 2015-11-25T16:56:20Z "When you change language in Settings > General, translations of core for that language are downloaded, but plugins and themes translations aren't. You need to either manually upgrade translations, do any upgrade, or wait until `wp_maybe_auto_update` event fires, which can take couple of hours.
I tried to follow same approach as in [30554] and to hook function `wp_maybe_auto_update` after language is changed and cache is cleared, which should update caches and download translations, but it seems that API doesn't give translations links.
Since right now I can't investigate it in more details, I want to propose fixing this issue with something simple on WP side as in attached patch." dimadin
Unpatched Enhancements 23709 Relax wildcard restrictions for populate_network() when installing in subdomain mode Upgrade/Install 3.5 normal normal Future Release enhancement assigned 2013-03-06T20:03:49Z 2015-10-14T21:12:44Z "I ran into the issue while trying to use wp-cli install-network command with --subdomains support.
Underlying core issue is that populate_network is trying to check if wildcard subdomain is accessible. This makes sense for large networks, but might not work with certain setups, or not needed for small sites.
Proposed solution is to add extra arg for populate_network() $wildcard_check with default to true. See attached patch" rinatkhaziev
Unpatched Enhancements 31534 Shiny Updates: Language pack install support Upgrade/Install normal normal Future Release enhancement new 2015-03-05T04:14:59Z 2016-06-27T07:53:44Z "Branched from #29820.
With the addition of the FTP credentials screen, it'd be nice if language pack installation could make use of it." pento
Unpatched Enhancements 31902 Shiny Updates: Language packs updates Upgrade/Install 4.2 normal normal Future Release enhancement new 2015-04-06T10:25:26Z 2016-05-17T02:24:39Z "Installing or updating plugin
WP 4.1: There is also language packs update triggered and users are notified what was updated.
Current trunk: There is only message ""Updated!"" and nobody knows if language packs update was also triggered and which languages were updated?" pavelevap
Unpatched Enhancements 34649 Support for filtering constants and .htaccess message in network setup Upgrade/Install normal normal Future Release enhancement new 2015-11-10T18:18:41Z 2015-11-10T18:18:41Z "It would be helpful if there were filters to modify the suggested constants and .htaccess message in network setup.
For instance, I'd like to be able to include a switch statement to define `DOMAIN_CURRENT_SITE` based on an environment variable. Similarly, I'd like to be able to disable the .htaccess message when WordPress is running on a Nginx / PHP-FPM setup." danielbachhuber
Unpatched Enhancements 29260 Update site transients response differences Upgrade/Install 2.8 lowest normal Future Release enhancement new 2014-08-19T06:18:59Z 2015-12-03T17:31:49Z "Why do the update_themes and update_plugins have a different response type, one is an stdObject another is a simple array.
That being said the plugin and theme upgrader have the same discordance. Please make them so they are consistent with one another. " krotz
Unpatched Enhancements 25052 Updates and downloads should be signed Upgrade/Install normal normal Future Release enhancement new 2013-08-15T17:03:37Z 2016-12-16T17:51:08Z "Spin off from #18577.
We should sign updates and downloads (including themes and plugins)." samuelsidler
Unpatched Enhancements 43395 Add Automated E2E Tests for Core Updates Upgrade/Install normal normal WordPress.org task (blessed) new 2018-02-23T20:10:48Z 2018-03-17T18:13:29Z "This is a follow up to the issues introduced in #43103 and described in https://make.wordpress.org/core/2018/02/06/wordpress-4-9-4-release-the-technical-details/
Essentially, due to the way automated updates work, we need automated tests that can confirm they are working. Due to the code loading path differences between phpunit, wp-cli, wp-cron, and the WordPress UI, it's important that this test work as close as possible to the way the majority of sites are autoupdated. " jorbin
Unpatched Enhancements 31531 Shiny Updates: Updates on update-core.php swissspidy Upgrade/Install normal normal Future Release task (blessed) assigned 2015-03-05T04:10:58Z 2018-01-16T00:22:08Z "Branched from #29820.
There are several improvements that can be made to `update-core.php`.
Adding inline update support to each of the sections on the page would be a great start, allowing everything to be updated without leaving the page.
Once this is in place, some sort of ""Update Everything"" button would potentially be a nice addition - it would also lay the groundwork for hiding a lot of the UI. If everything can be updated from one button, do we really need to show update buttons for every plugin and theme?
Finally, (this has been mentioned a few times since the original shiny updates work was done), this page is the ideal place for allowing admins to opt-in to auto updates for major WordPress releases, plugins, and themes." pento
Slated for Next Release 37513 Admin bar sub menu items dashicon and screen readers afercia Toolbar normal normal 5.0 defect (bug) reopened 2016-07-29T16:09:47Z 2018-03-05T16:49:11Z "Some screen readers may try to read out CSS generated content. For example, Safari and VoicOver get the admin bar menu sub-items `dashicons-arrow-right` as a text element and try to read it. There's nothing to be announced so VoiceOver just says ""You are currently on a text element"".
[[Image(https://cldup.com/xOaq2xSczn.png)]]
A minor but nice improvement could be refactoring these arrows, either using CSS borders or some other CSS technique, or using a `` and targeting the span for the generated pseudo element.
Either ways, it could be a good opportunity to improve a bit also the visual, maybe these arrows look a bit ""old style"".
Designers welcome!" afercia
Slated for Next Release 43871 JSDoc: wp-includes/js/admin-bar.js atimmer Toolbar normal normal 5.0 defect (bug) assigned has-patch 2018-04-26T14:06:41Z 2018-04-27T00:07:55Z props to @terwdan, @sjardo and @LisanneKluitmans manuelaugustin
Tickets Awaiting Review 42300 Admin Bar CSS assumes body is not positioned Toolbar 4.5.7 normal normal Awaiting Review defect (bug) new 2017-10-21T23:59:02Z 2017-10-22T14:05:21Z "The Admin Bar is appended to the `body` of the page, and uses `position: fixed` for large windows. A space is made for it by using `margin-top` on the `html` tag.
This works fine until the media query for smaller windows changes it to `position: absolute` and there is user or theme CSS with `body {position: relative}`. The bar is then positioned relative to the body instead of html (leaving the margin visible and the bar over the top of body content).
I discovered this because I wanted to add a background overlay on the body, independent of the custom background, so I set the body position to relative and body:before to absolute.
A possible solution is to use body padding instead of html margin, but that might interfere more with theme CSS than the current method." joyously
Tickets Awaiting Review 22660 "Admin bar in multisite: mobile tap on ""My Sites"" dropdown in back-end doesn't work" Toolbar 3.4.2 normal normal Awaiting Review defect (bug) new 2012-11-30T20:40:17Z 2015-02-16T02:50:32Z "Quick steps here to reproduce an issue where the ""My Sites"" dropdown (multisite networks) will drop down and show the ""Network Admin"" link and the list of your sites. But, clicking on a site (to expand and see ""Dashboard"", ""New Post"", etc.) does not happen. Tapping the blog name just closes the dropdown.
I'm not sure what's different but I can consistently reproduce this when in the admin back-end (but works OK on front-end admin bar when viewing a site):
From /wp-admin/ on a mobile device (tested on iOS 6, iPhone 5, iPad) with a multisite network:
1. Tap ""My Sites"" in admin bar
2. See ""Network Admin"" and list of sites below
3. Tap one one of the site names
Expected: Site name expands to show ""Dashboard"", ""New Post"", etc. (same behavior as front-end when viewing site). Screenshot: http://d.pr/i/reOi
Actual: Tapping site name simply closes the ""My Sites"" dropdown, does not browse anywhere nor expand menu" devinreams
Tickets Awaiting Review 43423 Adminbar Icons Resize Incorrectly Toolbar normal normal Awaiting Review defect (bug) new 2018-02-26T19:01:36Z 2018-02-26T22:41:06Z "Icons in the adminbar are not resizing according to the correct screen width. This results in a pretty broken looking interface at a very specific browser window width.
I'll attach a video to better illustrate the problem. It looks like the CSS for the icon size is a few pixels off.
" johnjamesjacoby
Tickets Awaiting Review 36258 BuddyPress Admin Toolbar becomes blank for non-logged users when loading site on a device with a screen smaller than 1024x768 Toolbar 4.4.2 normal normal Awaiting Review defect (bug) reopened 2016-03-16T03:30:37Z 2017-05-30T09:53:38Z "BuddyPress Admin Toolbar becomes blank for non-logged users when loading site on a device with a screen smaller than 1024x768
Reproducible on Wordpress 4.5-beta3-37000, BuddyPress 2.5.1
Reproducible on WP 4.4.2 as well." Valery Kondakoff
Tickets Awaiting Review 39490 IE Issue - iFrame on page overlaps Admin Bar - zindex ignored Toolbar 4.7 normal normal Awaiting Review defect (bug) new 2017-01-05T19:03:20Z 2017-09-05T19:53:34Z "Hello,
I noticed an issue with IE11 iframes ignoring zindex and overlapping the WP Admin Bar, screen;
http://i.imgur.com/yBhFabF.jpg
In the screen we see an iframe with no z-index or absolute positioning overlapping the admin bar when scrolled down.
More info on this bug in IE;
http://stackoverflow.com/a/12977151
The solution is to basically inject an empty (about:blank) iframe into the container for the wpadminbar for IE.
Let me know if I can help with clarifying or troubleshooting, etc.
Thanks
" garrett-eclipse
Tickets Awaiting Review 18556 Toolbar dropdowns when dragging items drecodeam* Toolbar 3.2.1 normal normal Awaiting Review defect (bug) accepted has-patch 2011-08-31T19:15:17Z 2016-08-22T16:16:28Z "When dragging metaboxes, widgets, menu items, etc to the top of the window in order to scroll to drop the item on a portion of the UI that's above the viewing window, the toolbar interferes and produces dropdowns, etc.
If dragging an item, can we disable toolbar actions?
" chexee
Tickets Awaiting Review 43452 Toolbar: Target for page-jump links hidden behind admin bar after a jump Toolbar trunk normal normal Awaiting Review defect (bug) new 2018-03-01T13:08:08Z 2018-03-02T05:24:57Z "Page jump links cause the target text to be hidden behind the admin bar for logged in users after clicking on the page jump link.
=== To replicate ===
1. Create a new post/page
2. Add some text, at least a couple pages
3. Add an id attribute to some text that appear below the fold
4. Add a link at the top targeting the id
(Alternatively, add some footnotes throughout the text)
5. Publish the post, view, and click the link
=== What I expected ===
That the footnote/text with the id attribute will appear at the top of my browser, as it does when logged out:
[[Image(https://cldup.com/X_8HBiRbPd.gif)]]
=== What happened instead? ===
The next line below the targeted text appeared at the top of my browser, as the targeted line itself was behind the admin bar:
[[Image(https://cldup.com/N0GhD2Gj63.gif)]]
If the target id-attribute is added to a heading this is less noticeable - logged out there's some space between the top of the browser and the heading after the jump, but logged in the heading is flush against the admin bar. It looks like the `padding-top` value used on headings mitigates the effect. That padding is absent if the jump target is inline text or a footnote.
This behavior can also be observed with Continue Reading links in posts.
Possibly similar to #22520, found by @designsimply" kokkieh
Tickets Awaiting Review 40683 Add a Plugins link to admin bar menu Toolbar 4.7.4 normal normal Awaiting Review enhancement new has-patch 2017-05-06T08:51:34Z 2018-03-09T14:08:54Z "Now we have acces to :
Dashboard
Themes
Widgets
Menus
Why not acces to Plugins? Why acces to Themes and Menus if once it is finish the site we do not use to change often? [[Image(http://imgur.com/a/JTarJ)]]" colomet
Tickets Awaiting Review 33574 Add ability to scroll through long toolbar menu items morganestes Toolbar 4.4 normal normal Awaiting Review enhancement assigned 2015-08-27T17:45:49Z 2015-09-15T16:31:26Z "Related to #15317, when a toolbar menu has many items, it cuts off at the window height.
We should make long menus in the toolbar (like the New... menu) scrollable by default to enhance UX." morganestes
Tickets Awaiting Review 27859 Admin bar overlayed by IE scroll control Toolbar normal normal Awaiting Review enhancement new 2014-04-17T12:04:00Z 2015-12-03T17:22:37Z "Exists in both IE 10 & 11
The scroll arrow pointing up overlays the admin bar on the right hand side, not sure if this is actually possible to negate in any way.
This effectively blocks the element under it, but since the ""Howdy, User"" is such a big element this isn't a problem. On the other hand, plugins using the admin bar may be blocked by this." Clorith
Tickets Awaiting Review 42366 Missing global parameter in function comment Toolbar 4.9 normal minor Awaiting Review enhancement reopened has-patch 2017-10-28T13:33:07Z 2017-10-28T15:37:36Z "Hello,
There is 3rd global parameter missing in function inline comment wp_admin_bar_edit_menu() in admin-bar.php
[[Image(https://ibb.co/bVpao6)]]" janak007
Tickets Awaiting Review 40594 Reset box shadow for links in the admin bar Toolbar 4.8 normal normal Awaiting Review enhancement new has-patch 2017-04-28T11:25:34Z 2018-01-09T07:48:22Z I am currently working on a theme which uses `box-shadow` for link underline. Because the `box-shadow` property does not get a reset in the admin bar CSS, each link in the admin bar gets a box shadow too (see screenshot). FlorianBrinkmann
Tickets Awaiting Review 38643 Show toolbar in the user's locale Toolbar 4.7 normal normal Awaiting Review enhancement new has-patch 2016-11-03T09:31:06Z 2016-12-04T19:43:26Z "After #29783 and #26511 it might make sense to show the toolbar on the front-end in the user's locale, while keeping the rest of the site in the site's locale.
#29783 actually has a proof-of-concept for that. Screenshot: https://twitter.com/swissspidy/status/773571032963751936" swissspidy
Tickets Awaiting Review 26940 Toolbar Search: Drop down instead of expanding Toolbar 3.8 normal normal Awaiting Review enhancement new has-patch 2014-01-26T01:10:45Z 2017-07-18T15:26:51Z "Stop sliding the entire menu bar contents needlessly, when it would be simpler (and possibly better for accessibility -- less needless movement on the screen) to just drop down a field the way the search field works in twentyfourteen.
This also makes the search more usable on a cluttered adminbar that's already prone to wrapping onto a second line.
Patch is not intended as the final version -- final version would use admin-bar.js to attach the onfocus and onfocusout events -- this is just intended as a proof of concept for UX testing." georgestephanis
Tickets Awaiting Review 24655 use hoverIntent for the WP Admin Bar when viewing site Toolbar normal normal Awaiting Review enhancement reopened 2013-06-28T14:55:50Z 2015-10-10T07:41:23Z by default wp admin bar shows on the theme pages, but it's menus work only with CSS, and I think it should work with hoverIntent js function, as on the dashboard page. alexvorn2
Tickets Awaiting Review 41288 wp admin bar WordPress about and updates icon can't show in Smartphone. Toolbar 4.9 normal normal Awaiting Review enhancement new has-patch 2017-07-11T09:26:39Z 2017-09-20T19:33:51Z WordPress admin side WordPress about and Updates can't show in smartphone it should be display none in Very narrow screens.that can be helpfully for smartphone user. mp518
Tickets Awaiting Review 40544 Flying admin menu bar (Header Bar) Toolbar normal normal Awaiting Review feature request new 2017-04-23T13:04:05Z 2017-05-01T16:10:26Z "Hi , when i travel some where then I use my phone to edit my blog. From last 1 week I'm using my phone to edit my website and I found difficaltly in editing my website.
Like if I have open theme editor them I have to scroll up again and again to access menu :( when i scroll up then all the coding is mixed and make me confused where I have left .
So what I mean is , there should be flying menu bar on top to access the menu easily :) with out scrolling the screen up .
Like i'm sending two images for example , we have to scroll the screen up to view the menu :)" arvindsinghu
Tickets Awaiting Review 36509 Live Responsive Previews in wpadminbar Toolbar normal normal Awaiting Review feature request new 2016-04-13T13:13:07Z 2016-04-14T13:52:53Z "If a user want to preview a new post (or any published post, page, archive etc) in tablet or phone size the user has to go through the Customizer. The function is sort of hidden and the user has to:
- Click preview button / View current page
- Click Customize in admin bar (if user has the privilege to use cutomizer)
- Load the customizer
- Click each device-icon.
My suggestion is to make the publishing workflow more convenient and faster by adding the newly introduced function ""Live Responsive Previews"" directly to the Admin bar. " kebbet
Tickets with Patches 27831 Hide Comments Icon & Count from Toolbar when there are no pending comments Toolbar normal normal Future Release defect (bug) new dev-feedback 2014-04-16T04:34:18Z 2017-02-06T00:35:47Z "The updates icon is only displayed in the toolbar if there are pending updates, so why is the pending comments icon always there, usually displaying ""0""?
The only useful purpose for this link when there aren't pending comments is to get to edit-comments.php to manage approved and spammed comments; however, this is much less actional than the other links in the toolbar (updates, add/edit/view posts, profile, etc.). A link to the Posts list table would be as useful if not more useful than this link to the comments list table, and would serve effectively the same purpose. There is always the potential to add a content-types menu, or even a toggle for the entire admin menu, to the toolbar in the future, but for now it seems wrong to include the comments link in this context when there are no pending comments.
Especially for sites that don't use, or don't often receive very many/frequent comments (which unfortunately is likely the majority), the comments icon in the Toolbar is clutter that should get out of the way when it's unneeded." celloexpressions
Tickets with Patches 34668 Network admin can't be accessed via keyboard Toolbar normal normal Future Release defect (bug) new dev-feedback 2015-11-12T15:58:40Z 2017-07-24T16:30:05Z In order to *reliably* see the network admin dashboard, one has to hover over the 'My Sites' icon. Violates accessibility guidelines & makes it very difficult to access the network admin dashboard for screenreader users, & I would think many mobile users as well. I've tried example.com/wp-admin/network but this does not reliably bring up the network admin dashboard. Actually pressing the enter key while on the icon does nothing either. To reproduce, simply try accessing the network admin dashboard via keyboard. Sometimes I actually can, but that doesn't seem to happen consistently. abletec
Candidates for Closure 26933 "Toolbar ""Howdy, "" message CSS broke in IE" Toolbar 3.8 normal normal Awaiting Review defect (bug) new reporter-feedback 2014-01-25T00:45:39Z 2017-02-05T18:39:35Z "I noticed this when helping a client with their website, and they were using IE 9. The ""Howdy, "" message forces their display name down to the next line, causing problems if they try to click the ""Screen Options"" or ""Help"" tabs. Plus it just looks bad. (see attached screenshot)
I logged in with IE 11 and saw the same issue, and I chased the bug down to wp-includes/css/admin-bar.css, line 126.
{{{
#wpadminbar .quicklinks a,
#wpadminbar .quicklinks .ab-empty-item,
#wpadminbar .shortlink-input {
height: 32px;
display: block;
padding: 0 10px;
margin: 0;
}
}}}
If you change '''display''' to '''inline-block''' rather than '''block''', it fixes the problem.
Looks like the same code is in admin-bar-rtl.css, and I'm assuming that would have the same issue, but I don't know for sure." bhwebworks
Candidates for Closure 22519 iPad toolbar location Toolbar normal normal Awaiting Review defect (bug) new close 2012-11-20T17:45:44Z 2016-08-21T11:53:43Z "The toolbar moves after using quick edit on a post or page. Also the customizer button look strange on iPad.
Steps to reproduce
1: Click quick edit on a post
2: Click ""Allow Pings""
3: Now the admin toolbar should be be lower on page. (I was able to reproduce 4/5 tries)" MikeHansenMe
Candidates for Closure 43244 Admin toolbar breaking full height layouts Toolbar normal normal Awaiting Review enhancement new close 2018-02-07T09:25:02Z 2018-02-07T10:27:08Z "The Adminbar breaks full-height layouts by using margin on `html`, but if we will replace `_admin_bar_bump_cb` code with following:
{{{
}}}
that will work like before, but stops breaking full-height layouts, for example
{{{
html{height: 100%}
body{min-height: 100%}
}}}" loranrendel
Tickets Needing Feedback 38636 Allow data attributes to be added to WP Admin Bar menu items Toolbar normal normal Future Release enhancement new reporter-feedback 2016-11-02T22:19:44Z 2018-03-05T18:49:22Z "It is currently not possible to add your own parameters to WP Admin Bar.
For improved flexibility with javascript I think this could be a good feature.
Example:
{{{#!php
add_node(
'id' => '',
'parent' => '',
'title' => '',
'href' => '',
'meta' => array(
'title' => '',
'data' => array(
'test' => 'data-test content'
)
),
) );
}}}
Example code for class-wp-admin-bar.php (L 497 - 533)
{{{#!php
meta['data'] ) && ! is_array( $node->meta['data'] ) ) {
$node->meta['data'] = array( 'data' => (string) $node->meta['data'] );
}
?>

}}}
Then save draft and change to ""visual editor"".
Now the table has a blank line above and if you return to text editor you see this:
{{{

hello

}}}
This bug happens in 4.9.x, not in 4.8.5." max345
Tickets Awaiting Review 31396 linked image does not take on the class of the inner image and its justification TinyMCE normal normal Awaiting Review defect (bug) new 2015-02-20T18:40:11Z 2015-06-01T16:29:15Z "if you put an image in the wordpress editor and press justify left
the image is justified left with a class of ""alignleft""
However if you now link the image the outer anchor DOES NOT get the class alignleft. and the image won't align left unless the anchor is set to inline.
what if its not?
For stylistic purposes this is bad. The anchor should float left NOT the image. Otherwise the anchor collapses and is not easily styllable.
there are some stuff you can't do to an image like add pseudo elements. and if the anchor doesn't have the ""align left"" its annoying and difficult to work with.
the link should get the alignleft class. It creates more flexibility for us theme developers." shamai
Tickets Awaiting Review 42618 wp.mce.views API not using registered shortcode functions TinyMCE normal normal Awaiting Review defect (bug) reopened 2017-11-18T10:09:02Z 2018-03-05T14:08:23Z "This is a follow-up to #21812.
Hi @all!
Not sure if this is the right place to post, but could not find a better one. Just a few words why I am posting here: I write a plugin that extends the default/ core gallery shortcode (by remove/add_shortcode ('gallery')).
So one of the ""problems"" with the whole 'wp.mce.views' API is, that it completly ignores/ bypass any shortcode functions (registered with WP). So to say it establishes its own shortcode functions, which imho cannot be useful. As a user I would expect, that every view represents the correct output of any shortcode in the content, which is currently not the case.
Unfortunately I am not the Javascript Guru to correct these ""inappropriate"" behaviour. So I am hoping that people with the needed knowledge will find a proper solution for this, espacially @koopersmith who seems to have invented this ""system"".
Beside this hope I would be glad if anyone could give me some advice/ hint, how to circumvent this problem and make views use of the proper shortcode function.
Many thanks in advance!" netsurfer2705
Tickets Awaiting Review 28368 wpviews: copying all content doesn't inlude shortcodes TinyMCE 3.9 normal normal Awaiting Review defect (bug) new 2014-05-26T15:52:47Z 2015-12-03T17:43:03Z "Selecting and copying all the content or part of the content, including a view, doesn't copy the shortcode, but the text inside the view (if there is any text).
[When you select an individual view, it copies the shortcode.]" iseulde
Tickets Awaiting Review 30187 Ability to not apply editor stylesheets to wp_editor TinyMCE 3.3 normal normal Awaiting Review enhancement new 2014-10-29T23:27:40Z 2015-03-17T19:28:09Z "I'm finding that there's no way to remove the editor stylesheets from `wp_editor`. The `mce_css` filter could be used to filter out the styles added with `get_editor_stylesheets` but nothing is passed within the filter to distinguish an editor that should get the editor stylesheets and one that shouldn't.
I'm proposing one of two solutions:
* Add a `theme_styles` bool to `wp_editor` to prevent `get_editor_stylesheets` being added to the `$mce_css` array.
* Pass set to the `mce_css` filter so devs can filter them out.
IMO both patches should be applied, since I see the viability of the setting and the future possibilities of filtering `mce_css` with some context on what's being filtered." dancameron
Tickets Awaiting Review 38115 Add Highlight button to TinyMCE toolbar to allow highlighting (replaces Underline with element) TinyMCE normal normal Awaiting Review enhancement new 2016-09-20T21:11:40Z 2016-09-26T22:26:56Z "Extending #27159
Highlighting of content has become popularized thanks to platforms like Medium, and providing a proper semantic highlighting function in the TinyMCE editor will allow authors to bring attention to content without adding emphasis - an important difference for accessibility.
The Highlight button would trigger the `` element: https://developer.mozilla.org/en/docs/Web/HTML/Element/mark
Reasoning:
With the removal of the Underline button, authors will not be able to highlight text without either emphasizing or strongly emphasizing it, or using the text editor to manually apply the `` element. Why is this needed? Emphasis changes the meaning of content, especially when using accessibility tools like screen readers, and it is unreasonable to expect the average WordPress user to know the existence and purpose of relatively obscure HTML elements." mor10
Tickets Awaiting Review 32753 Automatically wrap the current selection with bracket and quote characters in TinyMCE TinyMCE normal normal Awaiting Review enhancement new 2015-06-22T18:04:20Z 2017-07-03T16:23:57Z "Some intuitive behavioural improvements have been introduced into the TinyMCE editor recently: #31441 and #31571.
A feature I use often when code editing is highlighting some text and then typing a single quote, double quote, or opening bracket. In most code editors this wraps the selected text in the appropriate characters, rather than replacing the selected text with that single character. It becomes frustrating when this isn't the case when editing posts in WordPress.
When any of the following characters are typed while there's an active selection, the text should be wrapped instead of replaced:
* `'` (single quote)
* `""` (double quote)
* {{{`}}} (backtick)
* `(` (opening parenthesis)
* `[` opening bracket)
* `{` (opening brace)
Lesser-useful ones that could be added just for completeness:
* ` and

elements.
You can reproduce this error by:
- opening a new post
- adding `

` in the text editor *
- press the ‘publish’ button
- switch back to the visual editor
- add a link via the ‘insert’ link button (for example: www.google.com)
- switch to the text editor and notice that the result is not a link element but just: `

`
This error didn’t happen in WordPress 4.8.2, but it does in WordPress 4.9.
*please note that from here on, everything in your editor is placed within div elements automatically. For example, just pressing the ‘enter’ button leads to new `

` elements in your text editor" michellefoolen
Candidates for Closure 34792 Adjust auto-scrolling position when the caret is above the top of the editor tools by specific browsers TinyMCE 4.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2015-11-26T05:57:17Z 2016-05-25T19:36:49Z "There is the case that the caret had been hidden under the editor tools by it does not working auto scrolling when it move the caret to top and the editor-expand is enabled.
Such occured case is as follow:
||= Browsers =||= editor-visual =||= editor-text =||
||= Safari(webkit) =|| ok || ng ||
||= Chrome(blink) =|| ok || ng ||
||= Firefox(mozilla) =|| ng || ok ||
||= IE11 =|| ok || ok ||
||= Opera(blink) =|| ok || ng ||
" ka2
Candidates for Closure 39518 All wpviews rerender after add content TinyMCE 4.7 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-01-08T07:07:46Z 2017-04-28T23:32:08Z "Looks like whenever something is added, ALL wpviews re-render. In the wpview/plugin.js:
{{{
editor.on( 'setcontent', function( event ) {
if ( event.load && ! event.initial && editor.quirks.refreshContentEditable ) {
// Make sure there is a selection in Gecko browsers.
// Or it will refresh the content internally which resets the iframes.
editor.quirks.refreshContentEditable();
}
wp.mce.views.render();
} );
}}}
This can cause heights of wpviews above to change with rerender of the views... is this really necessary for ALL views?" programmin
Candidates for Closure 32583 Bringing a sentence/word back a line deletes an underline and dissociates the text after it TinyMCE 4.2.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2015-06-08T09:35:45Z 2015-07-26T06:48:30Z "Hello,
When I want to bring a title of a paragraph a line up with a backspace on my keyboard, it deletes the underline on this word sentence and also dissociates the text that was connected to this word, creating a weird space in between (like it's not part of the paragraph anymore).
For more info: http://imagizer.imageshack.us/a/img673/9822/lDRTgk.gif
I'm on Chrome Version 43.0.2357.81 (64-bit), OS X 10.10.3
Thank you in advance. " Moshe1010
Candidates for Closure 31181 Copy paste from MS Word with comments in text TinyMCE 4.1 normal normal Awaiting Review defect (bug) new close 2015-01-30T11:15:06Z 2015-12-12T23:20:53Z "Hi,
When I copy paste a paragraph with comments from MS Word to the WordPress editor, the words with comments on it are removed. This should certainly not happen ;-)
Seems like a bug?
Cheers,
Koen" dries863
Candidates for Closure 33249 Hardcoded styles in preview should be filterable TinyMCE normal normal Awaiting Review defect (bug) new reporter-feedback 2015-08-03T21:59:46Z 2015-08-05T06:57:10Z "I noticed the wp.media.views.sandboxStyles setting was removed from the mce-views Javascript.
Very well, maybe it's redundant to have it coming from the head portion of the JSON response, and having it in a JS place that can change, is redundant. I looked for the filter to add the necessary styling scripts to style the wp-playlist or other views from the head part of the JSON response to the parse-media-shortcode request, and I found it's ''still'' hardcoded in the function wp_ajax_parse_media_shortcode calls:
{{{
function wpview_media_sandbox_styles() {
$version = 'ver=' . $GLOBALS['wp_version'];
$mediaelement = includes_url( ""js/mediaelement/mediaelementplayer.min.css?$version"" );
$wpmediaelement = includes_url( ""js/mediaelement/wp-mediaelement.css?$version"" );
return array( $mediaelement, $wpmediaelement );
}
}}}
So, there is effectively ''no way'' that one can add the proper previewing style for their theme's players into wp-view system now." programmin
Candidates for Closure 41945 Html Preview Bug in Content Editor TinyMCE 4.8.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-09-21T17:38:32Z 2018-01-16T16:56:53Z Add a page -> In TinyMCE ( text tab ) -> add an '''h1''' , put a '''span''' element with some text inside the '''h1''', update/save. go to '''Visual''' tab, come back to '''text''' tab, '''span''' will be invisible inside '''h1''' tag, refresh page and '''span''' will be visible again. deepakvijayan
Candidates for Closure 41002 I do not work this type of link with the last update TinyMCE 4.8 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-06-11T18:28:37Z 2017-07-22T16:59:41Z "Hello everyone! I hope they are well.
I am here because I present some problems with the links of shink.in
When you have any of them in the clipboard and select a text by pressing the ""Ctrl + V"" key combination, the text is replaced and not linked.
With any other url the simple text becomes hyperlink when pressing that combination of keys ... Also the clicks of this address are shown in the statistics of Jetpack.
I have also had problems when paste text without formatting with the combination of keys Ctrl + Shift + V. Before the text was pasted without format but respected the breaks of lines ... Now when to paste a text of this way autistically eliminates all The jumps of line and fence that is tedious put to place all the jumps of line when it is a long paragraph.
I hope you can solve these small problems.
A greeting!" zontir
Candidates for Closure 28070 Nested alignment breaks TinyMCE 3.9 normal normal Awaiting Review defect (bug) new reporter-feedback 2014-04-30T08:40:33Z 2015-12-03T17:44:06Z "Steps to reproduce:
1. Create a new post and paste the following in text mode, then switch back to visual mode. This is equal to adding a paragraph, inserting a small, left aligned image, and aligning the paragraph to the right.
{{{

This is a paragraph.

}}}
2. Select the image by clicking on it. '''Now you'll see that both the 'align left' and 'align right' buttons are active.'''
6. Try to align the image to the right by clicking on the 'align right' button (which is already active) in the toolbar. It won't work. The `alignleft` class will be removed, leaving the image without alignment.
The first problem happens both in trunk and 3.9. Not in 3.8.
The second problem happens in all of the above, and probably in earlier versions too." iseulde
Candidates for Closure 35397 Rich Excel or Table Formatting Error on WP4.4.1 TinyMCE 4.4.1 normal normal Awaiting Review defect (bug) new reporter-feedback 2016-01-11T07:32:28Z 2016-03-04T17:05:22Z "Hi
Error on pasting Excel table to the visual editor after updating to 4.4.1 Clifford from 4.1. It strips and remove the format and borders. https://wordpress.org/support/topic/error-excel-tablet-format-not-working?replies=2
I already submitted this to the support forum and search for the solution but havent found a concrete solution yet.
Our theme provider also tested it with the default WP theme and got the same problem. They said it is because of the Wordpress editor and not the theme provider.
I really hope you would guys check this and fix if found true.
Thanks." gadjade
Candidates for Closure 40855 TinyMCE error when selecting an image in WordPress 4.5/4.6 TinyMCE 4.5.7 normal normal Awaiting Review defect (bug) new close 2017-05-24T12:13:01Z 2017-06-30T21:34:42Z "This is related to issues #40305 and #40360
Specifically, it relates to how this issue should be mitigated for older WordPress version. As it currently is, inserting images into the WYSIWYG is broken for Chrome users running anything lower than WordPress 4.7, because those WordPress versions run an older version of TinyMCE.
I would like to see a backported patch for older versions to resolve this issue. Not doing that would be a very troubling precedent - essentially breaking the editor for anyone not on the latest version of WordPress.
The issue:
- Insert an image via Add media dialogue
- Click on the image
- The image box/buttos do not appear, error in console is:
{{{
tinymce.min.js?ver=4310-20160418:10 Uncaught DOMException: Failed to execute 'setBaseAndExtent' on 'Selection': There is no child at offset 1.
}}}
This issue in the TinyMCE tracker:
https://github.com/tinymce/tinymce/issues/3611" khromov
Candidates for Closure 38120 TinyMCE on Wordpress >> tab ancor | issue. Bad visual. TinyMCE normal major Awaiting Review defect (bug) new close 2016-09-21T12:52:35Z 2016-11-12T22:49:15Z "In my Wordpress I have this page code:
Code has been pasted here:
http://pastebin.com/TfLaEK1n
IF I paste that code on GitHub ( https://github.com/tinymce/tinymce/issues/3199 ) or TinyMCE demo ( https://www.tinymce.com/docs/demo/basic-example/ ) the content is showed correctly, in my WordPress not.
Also in a clean WordPress Install the code is not showed correctly.
Please take look at this TinyMCE report here (closed because seems not a TinyMCE issue):
https://github.com/tinymce/tinymce/issues/3199
Can you solve this issue on WordPress as TinyMCE says is not an issue related to TinyMCE and WordPress without any plug in have issue?
Support topic on WordPress created here:
https://wordpress.org/support/topic/issue-tinymce-wrdpress-wrong-tab-ancor-content-on-wordpress/
All version of WordPress seems affected.
[[Image(https://cloud.githubusercontent.com/assets/5006150/18708646/41123ebe-7ffc-11e6-9b0d-f5bc67e5e3c7.png)]]
[[Image(https://cloud.githubusercontent.com/assets/5006150/18708657/4d16e994-7ffc-11e6-9389-dfbb4e4b369d.png)]]" peopleinside
Candidates for Closure 32273 TinyMCE results in lost data if post save fails and back button is clicked TinyMCE 4.2.1 normal normal Awaiting Review defect (bug) new reporter-feedback 2015-05-06T22:51:28Z 2016-06-04T00:07:16Z "Here's a pretty annoying and destructive behavior that I'd like to figure out how to address.
Consider a scenario where an error occurs when you submit an update (let's say what's about to become revision 2) to a post (revision 1). When you click Back to go to the previous screen, expecting your updated version (2) to still be there, you'll actually observe that the original revision is there instead (1), thus losing your changes to 2 entirely.
That's exactly what's happening to us because of a content validation function that returns a wp_die() with a relevant error message displayed to the writers when an error is detected (there is a set of house rules, like no hotlinking of images, no double spacing, etc.). The idea is that if an error is detected, a message is shown, the error is corrected, and only then is the post allowed to save.
So what is causing the revision that was there when the page originally loaded rather than the most recently entered text to show up when you return to the page? Is that TinyMCE logic clobbering what one would expect to be saved submitted form data?
Is there a workaround to disable this behavior?" archon810
Candidates for Closure 26332 "TinyMCE stripping on empty line" TinyMCE 3.2 normal normal Awaiting Review defect (bug) new close 2013-11-29T22:23:06Z 2016-09-20T01:20:34Z "From http://wordpress.org/support/topic/mce-editor-stripping-attributes-and-removing-tags?replies=7 (started 11 months ago)
If you type in `` in Text mode then switch to Visual and back, that tag gets replaced with a non-breaking space ` `
Reported as an issue in 3.7.1" Ipstenu
Candidates for Closure 32777 Visual Post Editor is missing - Firefox dev console shows incorrect include link for tinymce TinyMCE 4.2.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2015-06-24T09:44:07Z 2015-07-19T18:45:56Z "My client mentioned that the visual editor was showing white with no toolbars available. This is a new site, and had recently updated to WP 4.2.2. After searching various items on web, went in to look around. I deactivated and removed all plugins. Site is using Twenty Fifteen theme. Logged out, cleared cache, logged in again, still not working.
Downloaded wordpress 4.2.2 from wordpress.org to local computer. In webhost, deleted all wordpress files aside from wp-config.php and wp-content directory.
I uploaded new wordpress files from wp 4.2.2 download to web server. Visited site, verified that it is working correctly. Logged in. At this point, there are no plugins installed. Site has 1 post and 3 pages added.
Went to Add New post, Visual Editor still not showing.
Opened Firefox Web Develop web console and reloaded Add New post page.
Console window listed the following:
02:01:46.573 ""Failed to load: http://experiencelanguage.org/wp-admin/http:/wp-includes/js/tinymce/plugins/media/plugin.min.js""1 tinymce.min.js:4:2622
This repeats for every "".js"" file in the tinymce plugins directory. I am attaching a screenshot of the errors.
Looking at the url, it is obvious why it is failing, as the url is a concatenation of two different paths. I am not sure where this mashing together is occurring, or how to correct it.
Any assistance would be very much appreciated.
Thanks,
Russell Mercer
" getspatial
Candidates for Closure 40083 if wp_editor is used in a metabox and you change 'visual' to 'text' and save, it affects the main editor too TinyMCE normal normal Awaiting Review defect (bug) new close 2017-03-09T15:51:48Z 2017-03-09T21:37:30Z "http://giphy.com/gifs/3o7btPiFRNQkPNH1Ys
Please view the gif above.
This shows the editor and a metabox editor using wp_editor.
When one is switched from 'visual' to 'text' the other switches on save." shamai
Candidates for Closure 40274 invisible fonts in admin panel, visual editor missing TinyMCE 4.7.3 normal normal Awaiting Review defect (bug) new close 2017-03-27T10:14:19Z 2017-03-28T09:02:41Z "description:
invisible fonts in admin panel, visual editor missing
more search words:
error - white fonts in text editor, visual editor disappeared
known fix:
This widely known bug and how to fix it is already described here and here:
7 months ago:
https://wordpress.org/support/topic/visual-editor-missing-15/
in 2013:
http://www.wpbeginner.com/wp-tutorials/how-to-fix-white-text-and-missing-buttons-in-wordpress-visual-editor/
I had same bug at 2017-03 in WP 4.7.3 and used fix
{{{
define('CONCATENATE_SCRIPTS', false);
}}}
without any idea of what happened and what am I doing. It worked, but it wasn't a pleasant experience.
Reinstalling Wordpress does not fix it, and it always needs a manual fix I thing it is a good thing to report it as a bug" dadapotok
Candidates for Closure 41416 styleselect no longer displaying webfont from editor style TinyMCE 4.9 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-07-24T04:38:41Z 2017-07-24T10:36:13Z "Webfonts enqueued as an editor style no longer render in the styleselect dropdown. They definitely used to; perhaps a change in 4.8.
Steps to replicate:
- add in the styleselect dropdown and a simple style:
{{{
add_filter('mce_buttons_2','my_mce_buttons_2');
function my_mce_buttons_2( $buttons ){
array_splice( $buttons, 0, 0, 'styleselect' );
return $buttons;
}
add_filter('tiny_mce_before_init', 'my_mce_mod');
function my_mce_mod( $init ) {
$style_formats = array (
array( 'title' => 'Test', 'block' => 'p', 'classes'=>'test'),
);
$init['style_formats'] = json_encode( $style_formats );
$init['style_formats_merge'] = false;
return $init;
}
}}}
- enqueue an editor style which uses font-face, and apply the styling to the test class.
The font appears fine in the editor, but has a big ugly default in the styleselect dropdown.
I'm hoping there is a solution to this that doesn't include having to repeat the whole font definition in wp-admin itself." smerriman
Candidates for Closure 39423 Create add_editor_script, analogous to add_editor_style (add JavaScript to TinyMCE) TinyMCE 4.8 normal normal Awaiting Review enhancement new close 2016-12-30T01:58:09Z 2017-01-02T00:29:21Z "It would be helpful to be able to load external and inline JavaScript in to TinyMCE.
Suggestion: create an `add_editor_script()` function, analogous to `add_editor_style()`.
Use case: embed handlers or shortcode handlers that require custom JavaScript." paulschreiber
Candidates for Closure 37805 Enhancement: TinyMCE - Add ability to detect www links TinyMCE 4.6 normal normal Awaiting Review enhancement new reporter-feedback 2016-08-24T00:41:29Z 2016-08-30T21:25:31Z "Currently TinyMCE doesn't detect www links without {{{http://}}} in front of them.
This means that the workflow for making {{{www.url.com}}} into a link is Select Text -> Press Link Button (or Ctrl+k) -> Type (or copy/paste) text into link dialogue, while the workflow for an {{{http://}}} is simply Link Button (or Ctrl+k) -> Enter.
Since www is still pretty common for canonical urls, it seems like it would be useful to include detection of www links in TinyMCE, and avoid the extra step, and improve this workflow. This would especially benefit more basic users (who may not realize they can c/p and Ctrl+k in the first place) by making the WordPress experience friendlier and faster for them." lunacodes
Candidates for Closure 40509 Mutation events TinyMCE 4.7.4 normal normal Awaiting Review enhancement new reporter-feedback 2017-04-21T08:00:05Z 2017-07-22T13:13:12Z "https://developer.mozilla.org/en-US/docs/Web/Guide/Events/Mutation_events ,
Mutation events provide a mechanism for a web page or an extension to get notified about changes made to the DOM. Use Mutation Observers instead if possible.
Need an upgrate for JQuery
" casshern83fr
Tickets Needing Feedback 28940 TinyMCE strips out empty tags, breaking font awesome TinyMCE 3.9.1 normal normal Future Release defect (bug) new dev-feedback 2014-07-17T23:09:18Z 2018-05-24T10:00:50Z "See also #22477 and #23037.
Still relevant on 3.9.1, clean install on newest Chrome." DonSailieri
Tickets with Patches 29171 empty (and valid) span tags are removed when switching from visual to text editor and back to visual TinyMCE 3.9 normal normal Future Release defect (bug) new has-patch 2014-08-10T19:09:52Z 2017-10-09T17:56:31Z "Forwarded from #28940, related #27391.
The difference with #27391 is that when I tried to use a Bootstrap 3 Glyphicon approach while having the 28940.patch installed the editor removes the (empty) span tag. The span tag doesn't use any new schema type of attribute, just a regular class.
(see http://getbootstrap.com/components/ Glyphicons, How to use for testing)
" ruud@…
Tickets with Patches 29385 wpview: selecting all the content with ctrl/cmd + A when there's a view on top doesn't work iseulde TinyMCE 4.0 normal trivial Future Release defect (bug) assigned has-patch 2014-08-26T20:21:36Z 2016-10-06T16:26:11Z iseulde
Tickets with Patches 31159 Kitchen sink should be hidden by default on small screens TinyMCE normal normal Future Release enhancement new has-patch 2015-01-28T15:45:06Z 2015-04-24T14:25:53Z "On my desktop I always have the kitchen sink open so that I have access to all of my tools. However, when I'm on my mobile device they totally get in the way. Like this:
[[Image(https://cldup.com/YZuAoHNZdv.png)]]
We should detect if someone is on a small screen and collapse the kitchen sink menu to give more screen space." siobhan
Tickets with Patches 29804 Use HR instead of IMG as a placeholder for the more and nextpage tags TinyMCE normal normal Future Release enhancement new needs-unit-tests 2014-09-29T20:23:14Z 2016-10-06T16:23:04Z Read more here: #28335. iseulde
Unpatched Bugs 34181 on a

disappearing when switching from Text to Visual tab TinyMCE 4.3.1 normal normal Future Release defect (bug) new 2015-10-07T03:25:40Z 2016-05-25T19:19:55Z "If I have this on the ""Text"" tab of TinyMCE:
{{{

}}}
And switch to the ""Visual"" tab, then switch back to ""Text"", the {{{ }}} on the {{{

}}}
Step 3) insrting a break and a space in the visual editor after “topic 1”
{{{
* topic 1
* topic 2
}}}
Step 4) and switching to the text editor gives also a correct code, even so the “ ” is deleted:
{{{

topic 1

topic 2

}}}
Step 5) but switching afterwards back to the visual code results in a weard coding and the text editor has following to show:
{{{

}}}
I can't really think of a scenario where quoting each list item separately would be preferred.
To get around it, I usually type something on a new line, blockquote it with both ends as regular text, then delete the unnecessary bits, but that's not a preferable experience. I've been experiencing this for a while, but kept forgetting to report it." krogsgard
Unpatched Bugs 36469 Chrome bug when placing cursor before or after Gallery shortcode (WPView) TinyMCE 4.4.2 normal normal Future Release defect (bug) new 2016-04-11T08:22:50Z 2016-07-12T22:55:14Z "To reproduce this issue: in the Visual editor mode, type a long text followed by a Gallery shortcode (you have to scroll to see the gallery).
In Chrome, if you click to the left or right of the Gallery WPView to place the cursor, the editor jumps to the top." bduclos
Unpatched Bugs 26842 Contenteditable, multiple spaces, &nbsp, and U+00A0 TinyMCE 4.7 normal normal Future Release defect (bug) new needs-unit-tests 2014-01-15T17:03:31Z 2018-01-30T23:46:59Z "In contenteditable mode when the user types multiple spaces (ASCII char 32, U+0020) they are preserved. The browsers insert ` ` as every other character, the string is ` ` etc.
In WordPress TinyMCE is set to
{{{
'entities' => '38,amp,60,lt,62,gt',
'entity_encoding' => 'raw',
}}}
Anything other than the three basic ""htmlspecialchars"" `&`, `<` and `>` is outputted as UTF-8 when serializing the DOM. This outputs the (multiple) ` ` as U+00A0 which in PHP shows as `0xC2 0xA0`([http://en.wikipedia.org/wiki/Non-breaking_space reference]).
A problem with `0xC2 0xA0` is that in PHP the regex `\s` matches `0xA0` in certain cases, fails to match the ""white space"", breaks the UTF char, and sometimes leaves an `Â` behind. One example is wptexturize(), see #22692.
Another problem is that the user is not aware there are multiple ` ` when looking in the Text editor or the html source, as U+00A0 are ""invisible""." azaozz
Unpatched Bugs 41371 Copy & paste of html tables stopped working TinyMCE 4.9 normal normal Future Release defect (bug) new 2017-07-19T23:05:56Z 2017-07-20T10:27:58Z "Dear WordPress team,
we are experiencing a problem after upgrading to 4.8. Copy and Paste of tables using the visual editor copies only the content of the first cell.
Steps to reproduce:
1. create a new article
2. insert a new table by changing to text mode and pasting the following html code:
{{{

R1C1

R1C2

R2C1

R2C2

}}}
3. go back to visual mode
4. create a copy of the table (Ctrl+C, Ctrl+V)
Expected result: two copies of the same table, and this worked reliably a couple of weeks ago
Actual result: Only the content of the first cell (R1C1 in this case) is pasted.
I also tried, instead of step 2, to create a table in Word (or rather LibreOffice) and copy it over to the editor. However, same result after step 4.
Please, can anybody verify that this is a bug?
Since it also is about losing information by copying, I feel like this might be related to #41026." irzig
Unpatched Bugs 35638 Cutting and pasting an image with a caption within the same post will result in loss of caption. TinyMCE 4.4.1 normal normal Future Release defect (bug) new 2016-01-27T22:41:59Z 2017-05-18T14:55:04Z "As title says. Applies to the rich editor.
The caption should persist through the copy and paste." rothschild86
Unpatched Bugs 37970 Editing anchor link after copying adds admin url TinyMCE normal normal Future Release defect (bug) new 2016-09-07T11:55:35Z 2016-09-09T19:11:40Z "I have a small image e.g. an arrow with an anchor link on it e.g. ""#section1"". I copy this image and want to edit the link. Then it adds the complete admin url to the link like this: http://www.someboringsite.com/wp-admin/post.php?post=12&action=edit#section2" philliproth
Unpatched Bugs 34355 Editor: Cannot remove link if link text is wrapped in code tags TinyMCE normal normal Future Release defect (bug) new 2015-10-19T14:11:07Z 2015-12-19T20:41:26Z "'''Steps to Reproduce'''
1. Create a new post with this content:
{{{
The add_post_meta() function.
}}}
2. Place your cursor within the link.
3. When the link toolbar appears, click the Remove button.
'''Expected Result'''
The link is removed.
'''Actual Result'''
Nothing happens.
----
If you remove the `` tags, or add more text to the link and place the cursor outside the code tags, the problem goes away.
If you use a different tag, `` for example, it works correctly.
I assume that tinyMCE is running the `unlink` command against the `code` tags instead of the `a` tag, and therefore it is failing.
I have tested this in trunk and in version 4.3.1.
" jdgrimes
Unpatched Bugs 31538 Impossible to place cursor after a left or right aligned image TinyMCE normal normal Future Release defect (bug) new 2015-03-05T10:10:21Z 2015-04-24T14:51:33Z "Place the following content into a post and then try to insert some text after the image.
{{{
Hello world.
}}}
Placing the cursor after the image is impossible. You can only do so by moving the cursor into position using the arrow keys, and when you do the cursor isn't visible until you start typing.
Tested in Chrome 41 and Firefox 35 on OS X.
Tested back to 3.8. May occur in earlier versions." johnbillion
Unpatched Bugs 33810 Impossible to place cursor after a pre tag at the end of content TinyMCE 3.8 low normal Future Release defect (bug) new 2015-09-10T19:11:13Z 2015-10-24T13:29:59Z "Given the following content at the end of a post:
`

Foo

`
It's impossible to place the cursor after the `

` tag when using the visual editor.
Tested back to 3.8." johnbillion
Unpatched Bugs 36743 Inline link edit not hides in other tabs TinyMCE 4.5.1 normal normal Future Release defect (bug) new 2016-05-03T16:29:28Z 2017-03-01T08:13:39Z "Hi,
As You can see in the video i have captured, The inline link editor toolbar is still showing in other tabs.
Notes:
1. It will happened any time that You have tabs and editor in screen.
2. It works correctly in WordPress editor when we changing editor mode to text.
It maybe belongs to loading editor in iframe. Hope to help.
" h71
Unpatched Bugs 31596 Make it easier to update TinyMCE TinyMCE low normal Future Release defect (bug) new needs-docs 2015-03-11T14:07:00Z 2016-12-08T21:59:16Z "* Load from src like the other tests
* Automatically add the plugins without overwriting files.
* Don't run tests where no plugins are loaded. We're running these test just to test our plugins.
* Remove everything we don't use.
" iseulde
Unpatched Bugs 36683 New Links with Text are not being inserted in visual editor for 4.5 and 4.5.1 versions TinyMCE 4.5.1 normal normal Future Release defect (bug) new 2016-04-27T09:28:06Z 2016-08-17T01:15:07Z "Links added in the editor for TEXT ALREADY PRESET in the following way works fine :
1) Double click on it / select the text portion which you want to be linked.
2) Click on Insert/Edit link button, A pop up will appear
3) Select/Insert the url in the URL input and click on Add Link
BUT if the links are added FOR NEW TEXT ADDED ALONG WITH THE LINK as follows it does'nt get added:
CASE 1:
1) Select the text, cut it and then click on the ""Insert/Edit link"" button, pop up will appear
2) Select/Insert the url in the ""URL"" input, Paste the text you had cut in step 1 in ""Link Text"" input and click on Add Link
CASE 2:
1) Move the cursor in the editor to where you want add a link
2) Now Click on the ""Insert/Edit link"" button, pop up will appear
3) Select/Insert the url in the ""URL"" input, insert the new text needed for the link in ""Link Text"" input and click on Add Link
The above two cases work perfectly fine for wordpress version before 4.5, But it doesnt work in 4.5 and 4.5.1 version" irwinbraganza
Unpatched Bugs 38628 Pasting an image URL inside for a shortcode unexpectedly displays the image TinyMCE normal normal Future Release defect (bug) new 2016-11-02T20:31:28Z 2017-03-19T15:08:27Z "Given a shortcode in the TinyMCE like:
{{{
[image url=""""]
}}}
When I paste an image URL `http://example.org/image.jpg` inside of the `url=""""` attribute, I'd expect to see:
{{{
[image url=""http://example.org/image.jpg""]
}}}
Instead, I see the image URL expanded to its visual representation.
It seems like `smartInsertContent()` should be disabled when the selection is inside of a shortcode." danielbachhuber
Unpatched Bugs 36920 Pasting from MS Outlook converts decimals in unordered list to integers TinyMCE 4.5.2 normal normal Future Release defect (bug) new 2016-05-23T14:59:32Z 2016-07-07T12:37:45Z "We found a really nasty bug, which converts decimal numbers in unordered list to integers when being copied from MS Office.
[[Image(https://dunb.lv/tmp/Wordpress_Paste_Bug.gif)]]" s0what
Unpatched Bugs 30309 Protect forms in the visual editor TinyMCE 4.0 normal normal Future Release defect (bug) reopened 2014-11-11T02:52:01Z 2015-07-21T09:34:02Z I pasted the paypal buy button code in the text of my webpage then when I go to the visual editor it changes the code to make it broken. I'm using the wordpress editor. jsruby22
Unpatched Bugs 38757 TinyMCE view bugs TinyMCE 4.6 normal normal Future Release defect (bug) new 2016-11-11T18:47:54Z 2016-11-18T18:13:31Z "* In safari, pressing enter either before or after the view won't move the cursor properly or at all.
* In Firefox a border appear around the new paragraph, with the class `_moz_abspos=""white""`.
* In all browsers deleting the previous line from before the view doesn't work." iseulde
Unpatched Bugs 40257 TinyMCE wpview: oEmbed previews are not shown if there is only a single line break before the URL TinyMCE 4.4 normal normal Future Release defect (bug) new 2017-03-25T01:58:27Z 2017-03-25T03:07:57Z "Follow up from Slack: https://wordpress.slack.com/archives/C02QB2JS7/p1490366664439760.
When ""embeddable"" URLs are separated by only one line break, they work properly in PHP on the front-end but not in wpview in the editor.
To reproduce paste the following in the Text editor then preview the post:
{{{
https://www.youtube.com/watch?v=3_uj1kedrNk
https://videopress.com/v/zfu4XFD5
}}}
It works properly in the preview / on the front-end, but no instances of wpview are created when switching to the Visual editor.
Happens because the PHP version of the regex that finds these URLs is quite different than the JS version. We should standardize it to the PHP version even if that introduces minor regressions (i.e. we show a preview for something that we didn't before), as the ""true"" functionality is on the front-end, wpview is just previews." azaozz
Unpatched Bugs 36480 TinyMCE: use the API for inline toolbars TinyMCE normal normal Future Release defect (bug) new 2016-04-11T15:02:48Z 2016-07-10T21:28:42Z "Switch our inline toolbars to use the new TinyMCE API. It was improved several times and now has a callback we can use to precisely position the toolbar and take into account our UI changes like ""editor scrolling"" and DWF." azaozz
Unpatched Bugs 35285 Unable to select (gallery) view on iOS TinyMCE normal normal Future Release defect (bug) new 2016-01-02T10:18:27Z 2016-10-06T17:39:01Z "Tapping only sets the cursor left or right of the view.
Hitting return also seems to remove the view sometimes even if the cursor is behind the view.
Tried both gallery and audio views.
Related: https://make.wordpress.org/flow/2015/02/13/gallery-edit-bar-doesnt-show-iphone-6/" iseulde
Unpatched Bugs 33158 inline toolbar: incorrect position if link spans over two lines TinyMCE 4.3 normal normal Future Release defect (bug) new 2015-07-28T20:47:41Z 2015-07-28T21:22:17Z iseulde
Unpatched Bugs 30094 wp.mce.views.toViews() not handling nested shortcodes TinyMCE 4.0 normal normal Future Release defect (bug) new 2014-10-24T20:32:14Z 2016-06-13T12:04:36Z "Working on a custom shortcode implementation that uses a wp.mce.View for a display in TinyMCE. Our QA tester noticed a rendering issue when there was an audio shortcode nested inside our shortcode, ex: [a][audio mp3=""https://archive.org/download/jcalebgreenemp3sample/4_2nd_Perception_of_LightMoon_Mist_and_Rainbow_64kb.mp3""][/audio][/a]
This loop at the start of wp.mce.view.toViews() processes the audio shortcode first:
{{{
_.each( views, function( view, viewType ) {
}}}
Why? Some implementation detail of underscore.js I'm sure. Most likely because wp.mce.views.register() was called for the 'audio' shortcode early on, and its property was added to the views object before ours.
Further down in wp.mce.view.toViews(), this loop breaks the content into an array of ""pieces"" around the shortcodes:
{{{
// Iterate through the string progressively matching views
// and slicing the string as we go.
while ( remaining && (result = view.toView( remaining )) ) {
// Any text before the match becomes an unprocessed piece.
if ( result.index ) {
pieces.push({ content: remaining.substring( 0, result.index ) });
}
}}}
The ""piece"" before the audio shortcode is the opening tag of our custom shortcode, which is now separated from its closing tag and rendered incorrectly in the editor without it (see attached)." csixty4
Unpatched Bugs 28271 wpviews: TinyMCE buttons that aren't relevant should be disabled TinyMCE 3.9 normal normal Future Release defect (bug) new 2014-05-15T21:22:04Z 2017-02-06T09:18:25Z You can't align it, make it bold, quote it etc. Might be best to disable everything and enable buttons that still are relevant (redo/undo, help...). iseulde
Unpatched Enhancements 32175 Caption placeholder for selected image TinyMCE normal normal Future Release enhancement new 2015-04-28T22:07:26Z 2015-11-04T18:09:07Z "This would allow you to add captions much quicker and right where it will be.
A good example is Medium. See screenshot." iseulde
Unpatched Enhancements 33876 Centering multiple images in one row in Wordpress is badly broken and has been for a while TinyMCE 3.9 normal normal Future Release enhancement new 2015-09-15T00:45:07Z 2015-12-20T00:28:14Z "I've been meaning to start a ticket like this for a while, and it's finally time to do it.
Using multiple images in a single paragraph/row in Wordpress is a relatively common occurrence on our blog (androidpolice.com), but doing it in TinyMCE is a big pain.
Problem 1: Aligncenter image class gets applied to the image itself, not to the containing p tag, thus multiple centered images occupy full rows, one image each. To the writer, it's even more confusing because they can't press backspace from the beginning of the 2nd image to join it with the first - nothing happens. Aligncenter is a really evil class IMO, as it takes over the whole line.
Problem 2: Selecting multiple images and clicking Center, applies the class only to one of them at best, which is completely counter-intuitive. Unless an image is explicitly selected, this should instead apply the center to the whole containing paragraph. In fact, this should happen as long as the cursor is not on an image, no matter if the row is selected and highlighted or not. See Windows Live Writer for doing it the right way.
There are countless threads confused by this implementation, attempting to fix it or get around it, but the only thing people have figured out so far is creating a line above the images, putting some text into it, center aligning, then dropping the images into the pre-centered paragraph. This is basically an ugly hack in my opinion and requires coaching of every writer.
I believe TinyMCE can get this resolved properly and benefit everyone using Wordpress. What do you think, guys?
Just go play around with centering images, and you'll see how frustrating and unpredictable it is." archon810
Unpatched Enhancements 32554 Editing an image inserted in a post does not resize correctly TinyMCE 4.2.2 normal normal Future Release enhancement new 2015-06-02T11:12:30Z 2015-12-19T23:44:57Z "Steps to reproduce
1. Upload a large image to the media library
2. Create a new page
3. Add media and select an image
4. Insert image into page
5. Click on image and edit
6. Change size to Custom and make larger
7. Accept the changes
Expected result: The image should be resized without blurring and pixelation as there is a high resolution version of this image uploaded from which to resize with.
Actual result: The image is resized from the small version that was included, and is therefore poor quality.
" rachelbilski
Unpatched Enhancements 36433 Formatting shortcuts continued iseulde TinyMCE normal normal Future Release enhancement assigned 2016-04-06T22:42:03Z 2016-06-20T08:10:01Z "See #31441 and #33300.
Consider adding triple ` for code blocks. Reconsider bold and italic. Any other useful patterns?" iseulde
Unpatched Enhancements 31479 Save custom color palette through refreshes TinyMCE normal normal Future Release enhancement new 2015-02-27T19:47:27Z 2016-04-14T17:15:08Z "When you choose a custom color for your text using the color picker, the custom colors disappear from the palette when the page refreshes, or if the editor is closed and reopened later. This also happens after saving as a draft.
Color picker right after changing text color:
[[Image(http://cdn2.dropmark.com/74615/a48b9d7e5d6cd1ad5798a7ddfbf2ff20ebbc2086/colorshown.png)]]
Color picker after saving draft:
[[Image(http://cdn2.dropmark.com/74615/a2c1a5966634e30eb76f2c3c04771f5fbdfa0d2e/colornotshown.png)]]
Steps to reproduce:
1. Change text color to a custom color choice.
2. Save post as a draft.
3. Reopen the color palette.
Reported in WordPress.com forums: http://en.forums.wordpress.com/topic/custom-color-boxes-in-post-editor" shawnajroberts
Unpatched Enhancements 6331 TinyMCE should have a code button TinyMCE 2.5 normal normal Future Release enhancement assigned 2008-03-21T10:52:42Z 2016-01-18T18:52:24Z "The html editor has a code button on the quicktags bar but TinyMCE doesn't.
This is the only missing feature from TinyMCE that makes me switch to the HTML view when writing my weekly digest posts." westi
Unpatched Enhancements 41430 "TinyMCE: ""highlight"" the image caption DL when the image is selected" TinyMCE normal normal Future Release enhancement new 2017-07-25T08:16:03Z 2017-09-27T16:24:32Z Follow up from #41408. When an image with a caption is selected, or the caption field is focused, it would be good to indicate that the image is part of a larger object. azaozz
Unpatched Enhancements 36890 TinyMCE: add settings for the wptextpatterns plugin to add or override the default text patterns TinyMCE normal normal Future Release enhancement new 2016-05-19T16:55:39Z 2016-12-08T11:54:35Z "Continues from #33300.
Currently a WordPress plugin has to replace the whole `wptextpattern` editor plugin to add or change the text patterns. It would be better to let the patterns be changed by setting an editor option in the init array." azaozz
Unpatched Enhancements 34882 make registered editor stylesheets available to frontend TinyMCE 4.4 normal normal Future Release enhancement reopened 2015-12-06T21:03:47Z 2016-06-09T05:43:55Z "Currently add_editor_style() does not register a style as of theme.php:~1318
{{{
function add_editor_style( $stylesheet = 'editor-style.css' ) {
add_theme_support( 'editor-style' );
if ( ! is_admin() )
return;
...
}}}
For custom frontend usage of wp_editor, there is currently no way to access any custom stylesheets because they are never registered.
The admin check could be moved to class-wp-editor.php:~564 like
{{{
if (is_admin() ) {
$editor_styles = get_editor_stylesheets();
if ( ! empty( $editor_styles ) ) {
foreach ( $editor_styles as $style ) {
$mce_css[] = $style;
}
}
}
}}}
That way, one could use 'mce_css' filter to manually add any custom stylesheets back to the array of stylesheets.
" ungestaltbar
Unpatched Enhancements 28533 wpviews: style them differently TinyMCE 3.9 normal normal Future Release enhancement new 2014-06-14T00:10:36Z 2015-01-11T17:49:00Z "At the moment it's very difficult to see whether a view is selected when the content inside takes up the whole space. It might be better to use a dashed ""outline"" with an offset.
I would also move the buttons outside the view so they don't have to move for smaller views.
We could set the color of the dashed outline to the color of the text (with an opacity) so that it has a good contrast for all kind of backgrounds.
Screenshots and patch coming." iseulde
Unpatched Enhancements 15073 Add Table Buttons to Visual Editor Kitchen Sink (2nd row) TinyMCE low normal Future Release feature request new 2010-10-08T16:54:27Z 2016-12-08T11:45:59Z "Add Table Buttons to Visual Editor Kitchen Sink (2nd row)
This regular comes on the forums. Tables are an infrequent, but very natural way to present information. In an edu environment they are essential.
I suspect you have used tables in your posts, but have the expertise to enter the html directly yourself.
I think the general usefulness, and unobtrusive 2nd row experience makes this a candidate for core, and not plugin material." lloydbudd
Slated for Next Release 43479 Theme detail text cutoff in RTL adamsilverstein Themes normal normal 5.0 defect (bug) assigned 2018-03-06T14:15:07Z 2018-03-08T16:39:56Z "When viewing the theme detail in {{{/wp-admin/themes.php}}}, part of the text is cut off because of CSS. This happens when a RTL language is selected. Tested in Chrome Version 64.0.3282.186 on Win 10 desktop.
ps: I'm surprised I couldn't find tickets on this, but maybe my search foo failed me here ;-)
" birgire
Slated for Next Release 41143 Theme/plugin editing: if you don't select a function it just returns without message xkon Themes normal normal 5.0 defect (bug) reviewing has-patch 2017-06-23T18:22:52Z 2018-03-03T19:46:59Z "The drop down simply returns nothing, could we have a message to say something like 'please search for something'? It feels a little of a hitch in the flow otherwise.
[[Image(https://cldup.com/B7kYDlxlUF.png)]]" karmatosed
Slated for Next Release 43522 Add aria-current to output of Walker_Page Themes normal normal 5.0 enhancement new has-patch 2018-03-11T16:26:47Z 2018-04-13T09:58:26Z "From the reference of ticket [[https://core.trac.wordpress.org/ticket/43191#comment:10|#43191]], Also need to add `area-current` to output of `Walker_Page`.
I think below modifications can help.
{{{#!php
if ( $page->ID == $current_page ) {
$atts['aria-current'] = 'page';
}
}}}
" chetan200891
Slated for Next Release 43682 Document $relative_file, $stylesheet global in wp_print_theme_file_tree() Themes trunk normal normal 5.0 enhancement new has-patch 2018-04-03T06:00:34Z 2018-04-03T11:20:16Z global $relative_file, $stylesheet are used but it is not mentioned in the documentation of the wp_print_theme_file_tree() function. mukesh27
Slated for Next Release 43717 Ping back URL display with out escaping. Themes 4.9.5 normal normal 5.0 enhancement new has-patch 2018-04-07T09:35:28Z 2018-04-15T23:22:57Z "functions.php
Line no 401 : printf( '' . ""\n"", get_bloginfo( 'pingback_url' ) );
According to theme review hand book [https://make.wordpress.org/themes/handbook/review/required/#code Ref] data should be escaped before output.
So the right way.
printf( '' . ""\n"", esc_url( get_bloginfo( 'pingback_url' ) ) );
" sharaz
Slated for Next Release 40731 locate_template() performance improvement johnbillion Themes normal normal 5.0 enhancement reviewing has-patch 2017-05-11T12:11:51Z 2017-12-11T08:50:34Z "If the theme uses massive the *_template functions it can come to a slow performance because the the files will be searched again and again.
We can improve the performance if we use a static cache like this:
{{{
function locate_template($template_names, $load = false, $require_once = true ) {
static $template_cache;
$located = '';
foreach ( (array) $template_names as $template_name ) {
if ( !$template_name )
continue;
if ( $template_cache[$template_name] ) {
$located = $template_cache[$template_name];
break;
}
if ( isset( $template_cache[$template_name] ) && ! $template_cache[$template_name] )
continue;
if ( file_exists(STYLESHEETPATH . '/' . $template_name)) {
$located = STYLESHEETPATH . '/' . $template_name;
$template_cache[$template_name] = $located;
break;
} elseif ( file_exists(TEMPLATEPATH . '/' . $template_name) ) {
$located = TEMPLATEPATH . '/' . $template_name;
$template_cache[$template_name] = $located;
break;
} elseif ( file_exists( ABSPATH . WPINC . '/theme-compat/' . $template_name ) ) {
$located = ABSPATH . WPINC . '/theme-compat/' . $template_name;
$template_cache[$template_name] = $located;
break;
}
$template_cache[$template_name] = false;
}
if ( $load && '' != $located )
load_template( $located, $require_once );
return $located;
}
}}}" danielhuesken
Tickets Awaiting Review 40014 & converted to '#038 Themes 4.7.2 normal normal Awaiting Review defect (bug) new 2017-03-02T08:41:46Z 2017-03-03T05:01:54Z "Hi guys,
This is a follow-up to #30831.
Using WordPress v4.7.2 . With paginate_links() and setting the 'add_args' to an an array of values breaks the url. Specifically replaces '''&''' with '''#038''';
Sample code below:
{{{
echo paginate_links(
array(
'base' => str_replace( $big, '%#%', esc_url( get_pagenum_link( $big ) ) ),
'current' => max( 1, get_query_var( 'paged' ) ),
'total' => $query_object->max_num_pages,
'format' => 'page/%#%',
'add_args' => array( 'project' => 1 /* or whatever the project number is*/ ),
) );
}}}
The code above replaces '''&''' with '''#038''';
Sample result: http://domain.com/?page_id=1&paged=2#038project=1
" fervillz
Tickets Awaiting Review 34742 Archive titles: Change order of conditions to match template loader Themes 4.1 normal normal Awaiting Review defect (bug) new 2015-11-19T16:43:32Z 2015-11-19T16:43:32Z "Noticed during work on #34516.
Chat: https://wordpress.slack.com/archives/core/p1447950057001566" ocean90
Tickets Awaiting Review 11282 Bizarre Behavior When wp-content Missing westi Themes 2.8.4 normal normal Awaiting Review defect (bug) reopened has-patch 2009-11-29T02:19:13Z 2015-10-03T20:46:04Z "Steps to reproduce:
1. Begin and complete a normal installation, but skip or remove the wp-content directory.
2. Try to view the Dashboard and the Visit Site link.
Expected Result: WP did not install, wp-content is missing.
Actual Result: Dashboard is visible, site's front page is not. In /wp-admin/error_log
PHP Warning: array_keys() [function.array-keys]: The first argument should be an array in /wp-includes/theme.php on line 481" miqrogroove
Tickets Awaiting Review 41050 Cannot read property 'top' of undefined in belowEntryMetaClass (TwentySeventeen) Themes 4.8 normal normal Awaiting Review defect (bug) new 2017-06-15T01:37:26Z 2017-06-15T05:29:38Z "I'm seeing this with TwentySeventeen version 1.3 activated:
{{{
#!js
global.js?ver=1.0:124 Uncaught TypeError: Cannot read property 'top' of undefined
at belowEntryMetaClass (global.js?ver=1.0:124)
at global.js?ver=1.0:239
}}}
It only occurs in the following circumstance:
* You have widgets in the sidebar menu.
* You have a custom template (either defined in your child theme or generated by a plugin) that does not load the sidebar.
If the above are both true, you'll see the error triggered on the `window.resize` event.
I first encountered this while testing alongside [[https://wordpress.org/plugins/charitable|Charitable]] (create a campaign and then go to donate page), but you can also reproduce by creating a child theme and adding a custom `single.php` with the sidebar omitted." ericdaams
Tickets Awaiting Review 28855 Commented add_actions and unused functions in wp-admin/includes/theme-install.php chriscct7 Themes 3.9 normal normal Awaiting Review defect (bug) assigned has-patch 2014-07-12T16:59:42Z 2015-12-03T19:04:54Z "Only {{{install_themes_upload()}}} is used in`wp-admin/theme-install.php:134`
{{{
mike@mike:~/Sites/wordpress-svn$ grep -r '// add_action' src/
src/wp-admin/includes/theme-install.php:135:// add_action('install_themes_dashboard', 'install_themes_dashboard');
src/wp-admin/includes/theme-install.php:147:// add_action('install_themes_upload', 'install_themes_upload', 10, 0);
src/wp-admin/includes/theme-install.php:179:// add_action('install_themes_search', 'display_themes');
src/wp-admin/includes/theme-install.php:180:// add_action('install_themes_featured', 'display_themes');
src/wp-admin/includes/theme-install.php:181:// add_action('install_themes_new', 'display_themes');
src/wp-admin/includes/theme-install.php:182:// add_action('install_themes_updated', 'display_themes');
mike@mike:~/Sites/wordpress-svn$ grep -r install_themes_dashboard src
src/wp-admin/includes/theme-install.php:96:function install_themes_dashboard() {
src/wp-admin/includes/theme-install.php:135:// add_action('install_themes_dashboard', 'install_themes_dashboard');
mike@mike:~/Sites/wordpress-svn$ grep -r install_themes_upload src
src/wp-admin/includes/theme-install.php:137:function install_themes_upload() {
src/wp-admin/includes/theme-install.php:147:// add_action('install_themes_upload', 'install_themes_upload', 10, 0);
src/wp-admin/theme-install.php:134:
mike@mike:~/Sites/wordpress-svn$ grep -r install_themes_search src
src/wp-admin/includes/theme-install.php:179:// add_action('install_themes_search', 'display_themes');
mike@mike:~/Sites/wordpress-svn$ grep -r install_themes_featured src
src/wp-admin/includes/theme-install.php:180:// add_action('install_themes_featured', 'display_themes');
mike@mike:~/Sites/wordpress-svn$ grep -r install_themes_new src
src/wp-admin/includes/theme-install.php:181:// add_action('install_themes_new', 'display_themes');
mike@mike:~/Sites/wordpress-svn$ grep -r install_themes_updated src
src/wp-admin/includes/theme-install.php:182:// add_action('install_themes_updated', 'display_themes');
}}}
`display_themes` is used only in the same file `wp-admin/includes/theme-install.php`, but in the commented add_actions. Should that function be deprecated?
{{{
mike@mike:~/Sites/wordpress-svn$ grep -r display_themes src
src/wp-admin/includes/theme-install.php:122:function display_themes() {
src/wp-admin/includes/theme-install.php:132:// add_action('install_themes_search', 'display_themes');
src/wp-admin/includes/theme-install.php:133:// add_action('install_themes_featured', 'display_themes');
src/wp-admin/includes/theme-install.php:134:// add_action('install_themes_new', 'display_themes');
src/wp-admin/includes/theme-install.php:135:// add_action('install_themes_updated', 'display_themes');
}}}" michalzuber
Tickets Awaiting Review 37305 Custom Logo: output invalid according to the W3C Themes 4.5 normal normal Awaiting Review defect (bug) new has-patch 2016-07-07T14:29:05Z 2017-12-05T23:00:42Z "The [https://validator.w3.org/ W3C Validator] throws an error when {{{the_custom_logo()}}} is used without specifying an {{{itemtype}}}:
The itemprop attribute was specified, but the element is not a property of any item.
Should {{{itemprop=""url""}}} be removed from {{{get_custom_logo()}}}?" henry.wright
Tickets Awaiting Review 41441 Deleting a theme from a single site's Themes screen should not be allowed Themes normal normal Awaiting Review defect (bug) new 2017-07-25T18:42:40Z 2017-07-25T18:42:40Z "With Multisite enabled, it's not possible to delete a plugin from the Plugins screen in individual sites' dashboards. The `Delete` link is removed.
The same should be true for themes. Currently, a `Delete` button is shown when a super admin views the Themes screen on an individual site." johnbillion
Tickets Awaiting Review 42834 Doc mismatch between developer. and codex., codex appears to be more correct Themes trunk normal normal Awaiting Review defect (bug) new 2017-12-08T02:35:57Z 2017-12-08T07:35:19Z "I’m looking at some code that uses the switch_theme hook. The docs are quite different between the (current)[https://developer.wordpress.org/reference/hooks/switch_theme/] docs and the old (codex)[https://codex.wordpress.org/Plugin_API/Action_Reference/switch_theme].
Specifically, the old version specified that switch_theme is best used for things that should happen when a theme is *deactivated*, and actions related to the new theme should be on after_switch_theme. The new docs don’t make the distinction, but the code hasn’t changed since like 4.5. I'm wonder whether developer.wordpress.org has the most correct info?" kluny
Tickets Awaiting Review 40057 Double hashed value for background-color of body.background-color Themes 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-07T10:34:58Z 2017-03-07T10:34:58Z "The problem is that body.custom-background has background-color property which gets double hashed value.
So if theme is supporting custom background features, then you'll get wrong (double hashed) background-color value all the time.
I have already found the cause of the problem.
Check this file:
wp-includes/theme.php
on line: 1564
change this:
$style = $color ? ""background-color: #$color;"" : '';
to this:
$style = $color ? ""background-color: $color;"" : '';
That will solve the problem." hovhanneshovakimyan
Tickets Awaiting Review 20009 Escape later when getting post and body classes Themes normal normal Awaiting Review defect (bug) reopened has-patch 2012-02-10T08:11:37Z 2017-01-29T10:03:38Z "Both get_body_class() and get_post_class() provide filters that allow plugins and themes to add custom values to the list. These filters are applied after the values in the $classes array have been filtered through esc_attr(). I think that it would be best to move the escaping after the filter has fired.
esc_attr() was first added to get_body_class() and get_post_class() in [11838]" mfields
Tickets Awaiting Review 10275 Filter logic has been put into the template loader while it not belongs there. Themes 2.8 normal normal Awaiting Review defect (bug) reopened dev-feedback 2009-06-25T20:22:34Z 2015-12-03T17:37:12Z "Some time ago, filter logic has been introduced in the template-loader. Looks like a fix for the inability to handle attachments propperly (WP misses more and more a strict request parsing so that newer features tend to introduce more and more bugs).
The code has not been removed yet. It should be removed there or put into a more appropriate location.
The code in question is:
{{{
remove_filter('the_content', 'prepend_attachment');
}}}
in /wp-inclueds/template-loader.php around line 30." hakre
Tickets Awaiting Review 42353 Header video does not load below 900px after resized and refreshed. Themes 4.8.2 normal normal Awaiting Review defect (bug) new 2017-10-27T08:39:51Z 2017-10-27T08:39:51Z "Header Media video does not load on screen size less than 900px after resized and refreshed. Instead Header Media Image is loaded.
Tested on Twenty Seventeen theme and WordPress version 4.8.2.
Steps:
Set the video URL in the customizer's Header Media.
Resize the screen and refreshed below 900px.
The video does not load instead header image is shown.
" sachyya sachet
Tickets Awaiting Review 35520 If stylesheet_directory and template_directory are forced, don't show theme screens Themes normal normal Awaiting Review defect (bug) new 2016-01-18T23:54:48Z 2016-01-18T23:54:48Z As those screens will be broken, switching to a different theme has no effect, installing new ones doesn't make sense and there may be errors if the default theme directory is not used. iseulde
Tickets Awaiting Review 37972 Image size (height/width) arguments are not used in output for custom_logo Themes 4.6 normal normal Awaiting Review defect (bug) new 2016-09-07T18:09:37Z 2018-05-15T17:19:08Z "when setting up the custom logo in theme support, it allows for height/width to be set.
When outputting, the default and only option for the output (via the_custom_logo() ) is ""full"" (as set in the get_custom_logo function call)
This is carry over from commit
[37135] for #36327" BinaryKitten
Tickets Awaiting Review 39041 Installed themes search displays theme author names when the search term is a space Themes normal normal Awaiting Review defect (bug) new 2016-12-03T18:14:19Z 2016-12-03T18:14:19Z "Go in the themes screen and insert a single space in the search field: the theme author names will appear in the theme thumbnails:
[[Image(https://cldup.com/ZClQwM6qwX.jpg)]]
Theme author names are intended to appear just when the search term matches the author name. Side note: wondering how many users are aware of this ""hidden"" feature.
Looking a bit into `theme.js`, turns out that thanks to this replacement:
`term = term.replace( / /g, ')(?=.*' );`
the regular expression
`match = new RegExp( '^(?=.*' + term + ').+', 'i' );`
becomes
`match = new RegExp( '^(?=.*)(?=.*).+', 'i' );`
so it matches any author name and it is longer than 2 characters:
{{{
if ( match.test( data.get( 'author' ) ) && term.length > 2 ) {
data.set( 'displayAuthor', true );
}
}}}
Without changing the regex, maybe the best option would be using `jQuery.trim( term )` (because IE 8 is still supported) and then if the term is empty, just return early. Also, I'd like to quote @azaozz and recommend that this kind of searches should fire after a minimum number of typed characters, see: https://core.trac.wordpress.org/ticket/37233#comment:21
> ideally it should trigger after 2 ASCII chars or one high UTF-8 char. We can standardize this for all similar cases in core, there are at least 6-7 other places.
" afercia
Tickets Awaiting Review 43289 Menu link to front page won't display the page content in Twenty Seventeen Version: 1.4 Themes 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-11T20:24:14Z 2018-03-23T18:03:27Z "Hi,
When I assign any page as a static front page and put the link to this page in the top menu it won't display after clicking. In other words, I have first link on the manu to the same page as the static front page. When you open the website and want to display the content of this page by clicking on the meny link it won't show.
The other links from the menu works ok. It is just any page which I assign as a static front page.
www.rehearsalstudio.uk
" jacofuego
Tickets Awaiting Review 24026 No /themes/ folder causes strange behaviour Themes 3.1 normal normal Awaiting Review defect (bug) new 2013-04-10T07:05:04Z 2015-12-03T19:18:36Z "I know, that it's a tricky behaviour, but the problem exists.
1. Unzip WordPress files to appropriate place
2. Go to /wp-content/ and delete /themes/ folder
3. Install WordPress using it's wizard (ignore error in Dashboard that no theme activated)
4. Go to Plugins page in admin area
5. Install BuddyPress (this plugin register the theme BP Default that is situated in plugin folder - '''this is very important''')
6. Activate BuddyPress and complete its wizard to make BP functional
7. Go to Themes page in wp-admin
8. You will now see BP Default Theme. Try to activate it
9. Ta-da! You've just unlocked a new badge for catching an error." slaFFik
Tickets Awaiting Review 43295 One theme update notice is showing in another Theme Details popup Themes 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-12T12:23:43Z 2018-03-23T14:13:10Z "Steps to reproduce this bug:
1. Go to Appearance -> Themes
2. Click on the ""Update Now"" link showing on theme thumbnail. It will start updating the theme.
3. Now in the same time, click on the Theme Details by hovering over another theme.
4. It will display a popup of the theme details. Hold on few seconds while the theme gets updated.
5. You will see the green ""Updated"" notice in this popup of another theme.
See the attached screenshots." ibachal
Tickets Awaiting Review 44121 Return of the Page Template Bug? Themes 4.9.5 normal critical Awaiting Review defect (bug) new 2018-05-17T13:24:19Z 2018-05-24T06:10:40Z "Problem is within WP 4.9.5 using Woocommerce 3.3.5 (latest), installed on 4/3/2018 as a new install from the server installer.
Woocommerce runs without a woocommerce.php script . Uploaded edited version of that script are not recognized.
The theme being used is a custom one which until today did not have this problem. Changes were made yesterday to the woocommerce.php script file. After uploading: the changes were confirmed and approved. Today, with one remaining issue to deal with, a modified version was uploaded. The site ignored that upload. The theme folder shows the date and time of upload to be today as 8:55am the previous identical upload was at 6:55 am.
The file is not recognized as even being there and a previous version, which literally was one refresh away from perfect (except the remaining pop up issue) is… showing the bad pop up in action and on other store pages that use the changes made for that script the missing new styles contained within changed a lot. Frustrating.
Woomcommerce database update was performed after a full site back up. Plugins that were not present before yesterday were disabled and removed. No change. WordPress itself was not updated as it is updated and a reload fo no reason is dumb.
All of a sudden this site acts like the 2017 ‘Tipton’ bug from WordPress ( https://wordpress.org/search/page+template+bug/?forums=1 ) that I was under the impression was long conquered.
And it never happened like this all through build and set up. In fact I have never seen this in 18 years.
So, laying the mess upon the alter: be there anyone who has already overcome this disaster? Any help would be greatly appreciated, the client is understandably concerned and I may be old but i’m not suffering from.. from.. yeah.. memory loss.
The site URL will be sent to anyone here requesting it just please give some form of contact other than public i do not desire to embarrass a fantastic product company and founder. This is posted in WordPress troubleshooting in hopes someone has already been here or can take an educated stab at what is going on." lkhlc
Tickets Awaiting Review 43615 Shake Tremor Bug on Admin Area Themes 4.9.4 normal normal Awaiting Review defect (bug) new 2018-03-23T03:47:32Z 2018-03-23T14:56:55Z "When you have 4+ more themes installed and want to switch and move from one theme to another theme some glitch happen and you can see some tremor/shake on admin area.
I have made a video to explain this situation so you can reply the bug.
video: https://www.dropbox.com/s/gytv3yblnp7g5rn/IMG_1759.MOV?dl=0" Marius84
Tickets Awaiting Review 35280 Should feed_links_extra run when current theme doesn't support automatic-feed-links ? Themes 4.4 normal normal Awaiting Review defect (bug) new 2016-01-01T19:31:10Z 2016-01-02T12:58:53Z `feed_links()` will return early if the current theme doesn't support `automatic-feed-links`, shouldn't `feed_links_extra()` do the same? tiqbiz
Tickets Awaiting Review 40456 Submenu greater than 10 items not visible in twenty seventeen Themes 4.7.3 normal normal Awaiting Review defect (bug) new 2017-04-14T22:06:02Z 2017-04-15T09:06:57Z If you add more than 10 items to a sub menu in twenty seventeen, only the top 9 items are visible when the menu expands. The remaining items are displayed off the bottom of the screen and inaccessible. When this happens, the submenu should become two column (or 3, or 4, etc.) MusicalSaw
Tickets Awaiting Review 41309 Theme and plugin editing experience improvements at smaller screens karmatosed Themes normal normal Awaiting Review defect (bug) assigned 2017-07-13T13:52:03Z 2018-03-03T20:03:36Z "It was running some tests and noticed how bad the editing experience is when there is a smaller screen. An example is:
[[Image(https://cldup.com/6dnk2TUA53-3000x3000.png, 80%)]]" karmatosed
Tickets Awaiting Review 41142 Theme editing: inconstancies with messages between this and plugin editing Themes normal normal Awaiting Review defect (bug) new 2017-06-23T18:14:52Z 2017-06-23T18:25:28Z "The process is the same but we have different ways of saying it. For example even this:
[[Image(https://cldup.com/ndD0DpUtS2.png)]]
In the plugin it says:
[[Image(https://cldup.com/MQ09SZmEdS.png)]]
" karmatosed
Tickets Awaiting Review 41076 Themes: Add more help and documentation when editing theme files Themes normal normal Awaiting Review defect (bug) new 2017-06-15T14:45:50Z 2017-06-21T14:25:54Z "Add:
“Looks like you’re trying to edit your theme! We recommend creating a [child theme](link)"" instead.
This will let you make changes to your theme without accidentally breaking anything.” Except with better copy. Maybe also a “make child theme” one-click button that generates a child theme with a functions.php and style.css." karmatosed
Tickets Awaiting Review 39384 TwentySeventeen Navbar z-index Themes normal normal Awaiting Review defect (bug) new 2016-12-23T17:17:18Z 2017-05-07T05:57:23Z "The current z-index for the fixed navigation is 7. This seems a bit low as it should be above all other items on the page. For instance this widget getting mixed up with the navigation items:
[[Image(https://halgatewood.com/wp-content/uploads/2016/12/twentyseventeen-zindex.jpg)]]
Something much higher may be appropriate:
{{{
.site-navigation-fixed.navigation-top { z-index: 9999; }
}}}
Thanks,
Hal Gatewood
" halgatewood
Tickets Awaiting Review 41901 Updating fails for themes with style.css in sub directory. Themes normal normal Awaiting Review defect (bug) new 2017-09-17T04:54:03Z 2017-09-17T04:54:03Z "https://github.com/WordPress/WordPress/blob/4.8-branch/wp-includes/theme.php#L466-L513
I saw this part and decided to put style.css in /themes/my-theme/subdir/
And in fact it worked. But, there was one problem. That's about updating the theme. ( I update this theme from GitHub instead of WP.org. )
In /wp-admin/update-core.php, Updating is success. At this time in site_transient_update_themes, There was a value of `my-theme/subdir` as a slug.
In /wp-admin/themes.php, Updating is failed. An error message was displayed `The theme is at the latest version.`. At that time, the response of ajax was as follows.
{{{
{
""success"":false,
""data"": {
""update"":""theme"",
""slug"":""my-themesubdir"",
....
}
}}}
That is, the slash has disappeared. When I looked it up, it was `wp_unslash()` when updating here.
I think that it is better to unify processing for slashes on either page.
" inc2734
Tickets Awaiting Review 39773 Users Can Wrongly Set a Custom Page Template when front-page.php is in Use Themes normal normal Awaiting Review defect (bug) new 2017-02-02T23:56:47Z 2017-04-27T14:16:43Z "If you try to set a custom page template in a theme that uses a `front-page.php`, `front-page.php` always wins. This is expected, but a user doesn't know that. They're still able to save the page, and it looks like it should work, but on the front end, `front-page.php` wins, and they may be left confused.
Discovered while researching #39299.
Steps to reproduce:
1. Activate Twenty Seventeen.
2. Set the front page to a static page.
3. Create a page template.
4. Assign it to the static page being used as the front page.
5. Save.
6. Visit front end – the template isn't used.
What I expected?
At the very least – WordPress doesn't save this change, and provides an error message. Better: The page template selection box doesn't show up in this case because setting a template when the front page is a static page and a theme has `front-page.php` isn't possible." davidakennedy
Tickets Awaiting Review 33388 WP_Theme should use get_file_data() for retrieving page templates Themes normal normal Awaiting Review defect (bug) new has-patch 2015-08-17T08:40:06Z 2018-03-02T13:47:58Z "Currently WP_Theme::get_page_templates() uses a direct regular expression on the result of `get_file_contents()`, it should instead use the `get_file_data()` helper method we have to interact with file header data.
Currently switching will result in a back-compat break, as some themes have been using headers such as `` as the header, which get_file_data() doesn't like - See #33387
See r21117 for where we previously did use it temporarily during the 3.4 cycle, but broke due to #33387" dd32
Tickets Awaiting Review 42513 WP_Theme::get_post_templates() is extremely inefficient for large themes Themes 4.8.3 normal normal Awaiting Review defect (bug) new needs-unit-tests 2017-11-11T14:07:01Z 2017-11-12T13:13:42Z "WP_Theme::get_post_templates() uses file_get_contents() to read the complete contents of each theme php file in the root of a theme into memory, twice, and processes the result with a custom Regular Expression.
As a result, significantly more data than necessary is processed when loading large themes.
In addition, because the standard get_file_data() function is not called (as it is with all other header comments), the ""extra_{$context}_headers"" filter is never called, which is inconsistent behavior with other file_header related operations, such as the WP_Theme constructor." gschoppe
Tickets Awaiting Review 24143 When define('WP_CONTENT_DIR', 'your-dir') twentythirteen - The theme directory does not exist. Themes 3.4 normal normal Awaiting Review defect (bug) reopened needs-unit-tests 2013-04-20T10:08:16Z 2016-09-17T22:24:55Z "If you use either of following in you wp-config.php you'd automatically get a Broken Themes.
{{{
define('WP_CONTENT_DIR', 'your-dir');
define('WP_CONTENT_URL', 'your-url');
}}}
The following themes are installed but incomplete. Themes must have a stylesheet and a template.
Name Description
twentythirteen The theme directory does not exist." azizur
Tickets Awaiting Review 39750 Wrong image sizes within gallery on site view Themes 4.7.2 normal minor Awaiting Review defect (bug) new 2017-01-31T15:43:20Z 2017-02-06T08:44:11Z "Hello,
when I visit my blog (https://thomasbabut.de) the images within the gallery are using the wrong files (smaller images, i.e. 1200x799px). But when I click on the posting (https://thomasbabut.de/?p=1290), the correct images are being used. My postings are using the gallery function with full size images (i.e. 2000x1333px). I am using a MacBook with a retina display.
I guess this behavior was introduced with Wordpress 4.7.2 or the Twenty Seventeen Theme 1.1 Update.
Perhaps this is a mistake on my own but I think this is a bug.
Thanks in advance!
Regards,
Thomas" thbabut
Tickets Awaiting Review 18790 add_theme_support with post type doesn't add theme support but overwrites it Themes 3.2.1 normal normal Awaiting Review defect (bug) new has-patch 2011-09-27T12:17:13Z 2015-12-22T08:10:39Z "The function add_theme_support has an optional second parameter, which allows you to add support for post thumbnails for certain post types.
You would expect this function to add the theme support for that post type, but instead it overwrites the theme support for that feature, which results in the theme support being set for just the post type(s) that were passed.
Reproduce:
{{{
function add_thumbnails_support()
{
add_theme_support('post-thumbnails', array('my_post_type'));
print_r(get_theme_support('post-thumbnails'));
add_theme_support('post-thumbnails', array('another_post_type'));
print_r(get_theme_support('post-thumbnails'));
}
add_action('after_setup_theme', 'add_thumbnails_support');
}}}
" Jesper800
Tickets Awaiting Review 30105 css defining protocol Themes 3.8.2 normal normal Awaiting Review defect (bug) new 2014-10-26T06:41:59Z 2015-01-14T22:31:30Z "{{{when switching between http & https css breaks. css has the protocol defined rather than using // it uses http:// or https://}}}
to produce the problem load in apache and localhost:80, then localhost:443. one or the other will be broken.
sane:
{{{}}}
insane:
{{{}}}" 666threesixes666
Tickets Awaiting Review 28904 custom header stores full URL in database Themes 3.9.1 normal normal Awaiting Review defect (bug) new dev-feedback 2014-07-14T21:43:16Z 2015-12-03T19:58:52Z "set_header_image is storing the full URL to the custom header in the database. It should only store the relative path in the database and get_header_image should prepend the relative path with get_bloginfo('url'). This makes migrating your site easier. Or you can have a develop and live environment with an easy database sync (my particular issue).
'''set_header_image'''
Replace:
{{{
$choice['url'] = esc_url_raw( $choice['url'] );
}}}
With:
{{{
$choice['url'] = str_replace( get_bloginfo('url'), '', esc_url_raw( $choice['url'] ) );
}}}
or find another method of getting the relative URL
'''header_image'''
then add the bloginfo URL to header_image (and probably a few other places).
{{{
function header_image() {
echo esc_url( get_bloginfo('url').get_header_image() );
}
}}}" tverlaan
Tickets Awaiting Review 29051 get_raw_theme_root : Windows paths Themes 3.9.1 high critical Awaiting Review defect (bug) new 2014-07-29T01:46:10Z 2015-12-03T18:57:53Z "I believe, this problem exists only if there are more than one theme directories.
For example, in my code I have:
{{{
register_theme_directory( ABSPATH . 'wp-content/themes/' );
}}}
Then, on Windows, the options table has:
{{{
INSERT INTO `xxx_options` VALUES (678,'template_root','C:\\the\\path\\to\\www.mysite.com\\wp/wp-content/themes/','yes');
INSERT INTO `xxx_options` VALUES (869,'_site_transient_theme_roots','a:2:{s:14:\""twentyfourteen\"";s:57:\""C:\\the\\path\\to\\www.mysite.com\\wp/wp-content/themes/\"";s:8:\""wpglobus\"";s:7:\""/themes\"";}','yes');
}}}
On UNIX, of course, I see
{{{
INSERT INTO `wpg_options` VALUES (678,'template_root','/the/path/to/www.mysite.com/wp/wp-content/themes/','yes');
INSERT INTO `wpg_options` VALUES (869,'_site_transient_theme_roots','a:2:{s:14:\""twentyfourteen\"";s:55:\""/the/path/to/www.mysite.com/wp/wp-content/themes/\"";s:8:\""wpglobus\"";s:7:\""/themes\"";}','yes');
}}}
And what happens is: when I `mysqldump` my database on Windows and load it on UNIX, WordPress gives me White Screen (no errors even in the error log).
I believe, '''always storing UNIX paths would solve this problem'''. They work the same on Windows and UNIX." tivnet
Tickets Awaiting Review 31620 get_raw_theme_root does not resolve custom theme folder when is the unique Themes 3.1 normal normal Awaiting Review defect (bug) new has-patch 2015-03-13T02:54:50Z 2015-07-09T00:41:24Z "`get_raw_theme_root` (https://developer.wordpress.org/reference/functions/get_raw_theme_root/) does this check:
{{{
if ( count($wp_theme_directories) <= 1 )
return '/themes';
}}}
It means that if there is just one theme directory it is always assumed to be the `/themes` folder inside content directory.
If an user wants to register a custom theme folder via `register_theme_directory()` (in a MU plugin) that user is forced to keep `WP_CONTENT_DIR/themes` folder (even empty) otherwise the custom directory registration does not work and WP will try to load a theme from a folder that doesn't exist.
That is an edge case, but can be easily solved by picking the unique folder if there is only one:
{{{
$count = count($wp_theme_directories);
if ( 0 === $count ) {
return '/themes';
}
if ( 1 === $count ) {
$path = reset($wp_theme_directories);
$real = realpath($path);
$content = realpath(WP_CONTENT_DIR);
return strpos($real, $content) === 0 ? substr($real, strlen($content)) : $path;
}
}}}
If there is only one folder and it is inside content directory, the code above also takes care of returning the relative path.
That, according to #17597, is necessary to obtain a correct theme url." giuseppe.mazzapica
Tickets Awaiting Review 30459 is_child_theme() cannot be used during plugin activation as is Themes 3.0 normal normal Awaiting Review defect (bug) new has-patch 2014-11-23T00:58:46Z 2015-05-02T00:18:11Z "I was developing a plugin that was based on a specific theme (or any child-theme of the theme) and tried to use `is_child_theme()` as part of the activation/compatibility tests.
It appears `is_child_theme()` is trying to use undefined constants at this point, this being the case the easiest solution I am seeing is to use the constant definitions in `is_child_theme()` versus using the constants themselves.
With the constants an error is thrown when the plugin is activated, with the function calls no errors are thrown.
See simple patch to change `is_child_theme()` from using constants to using the actual function calls." cais
Tickets Awaiting Review 40221 switch_theme action + Live Preview = confusion Themes 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-21T17:09:49Z 2017-03-23T15:17:16Z "The switch_theme function has inside a hook named the same: switch_theme, it is used for theme deactivation actions, but the problem is that after you activate the theme via Live Preview - this action is executed, so can create confusion.
(switch_theme hook is for theme deactivation functions - https://codex.wordpress.org/Plugin_API/Action_Reference/switch_theme)
When we activate a theme (not via Live Preview) - then this hook is executed together with old theme, not with new theme, but when we have a Live Preview with a new theme, then this hook will be used with the theme that is inside the Live Preview, with it's files. That's why this hook is called incorrectly.
So if this is not by design and it is a bug then the fix would be to skip this hook after a theme activation via Live Preview.
" alexvorn2
Tickets Awaiting Review 21062 Add a 'template_file' hook to load_template() johnbillion Themes 3.4 normal normal Awaiting Review enhancement reviewing has-patch 2012-06-24T21:04:50Z 2018-03-05T20:28:36Z "Please consider adding a `'template_file'` hook in `load_template()` to enable the capture of the template filename. I have built a panel for the Debug Bar to be able to show template files loaded but I need this `'template_file'` hook to capture the template file names. This would be super useful for developers who are building sites with the complex template loading logic found in various theme frameworks et. al.
With the hook added the code for `load_template()` might look like this:
{{{
function load_template( $_template_file, $require_once = true ) {
global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query, $wp_rewrite, $wpdb, $wp_version, $wp, $id, $comment, $user_ID;
if ( is_array( $wp_query->query_vars ) )
extract( $wp_query->query_vars, EXTR_SKIP );
$_template_file = apply_filters( 'template_file', $_template_file, $require_once );
if ( $require_once )
require_once( $_template_file );
else
require( $_template_file );
}
}}}
Here's a screenshot showing the Theme Template Files panel I implemented so you can see the use-case. This plugin requires the hook I'm proposing in order to work and I have attached the plugin for other's review.
{{{
#!html
}}}
This hook could also allow the loading of the template file from other directories such as a shared directory on a server, as appropriate, but that's not the reason I found the need today.
The source for `load_template()` is found in `/wp-includes/template.php`. " mikeschinkel
Tickets Awaiting Review 16396 Add a hook to the theme editor page when the write is successful Themes 3.1.3 normal normal Awaiting Review enhancement new 2011-01-28T17:29:35Z 2016-04-27T04:05:24Z Add a filter to the end of theme-editor.php's processing when the write is successful. scottconnerly
Tickets Awaiting Review 42855 Add ability to filter header, sidebar, searchform, footer and template_part file paths Themes normal normal Awaiting Review enhancement new has-patch 2017-12-09T21:47:03Z 2018-02-28T22:20:08Z "I've seen several tickets that appear related but are either dead or include bigger changes compared to what I'm proposing (the most relevant being #21062).
My proposal (including patch):
1. Introduce `get_template_part_hierarchy( $slug, $name = null );`.
1. Update `get_header()`, `get_sidebar()`, `get_search_form()`, `get_footer()` and `get_template_part()` to use the new function.
1. Add a `template_part_{$slug}_template_hierarchy` filter to the new function so all 5 general template functions' results are filterable.
What these changes achieve:
1. Provide a way to filter the location of header.php, sidebar.php, searchform.php, footer.php and any file loaded by `get_template_part()`
1. Reduce code duplication (all metioned functions had the same $slug + $name logic to create a $templates array)
Also, @MikeSchinkel has mentioned a few benefits and arguments for why such a filter is beneficial:
https://core.trac.wordpress.org/ticket/21062#comment:19" atanasangelovdev
Tickets Awaiting Review 16883 "Add check for ""Template Version"" on theme activation" Themes 3.1 normal normal Awaiting Review enhancement new dev-feedback 2011-03-18T03:28:36Z 2016-03-29T15:17:22Z "Related: #16395
In addition to adding Template Version to the standard meta information extracted from style.css in `get_theme_data()`, I think that for this information to be useful, a child theme shouldn't be able to be activated unless the template template the child theme uses (parent theme) meets the minimum version requirement identified in ""Template Version"".
A polite and graceful failure, with an error notice, would be preferable :-)
Reason: many times child themes utilize functionality that only exists in the latest version of a parent theme. They're stuck either writing backward compatibility into into their code, or risking whitescreens.
This not only prevents that, but it could be used to gently encourage the user to update the parent theme.
Certainly not a candidate for 3.1.1, but perhaps 3.2?" nathanrice
Tickets Awaiting Review 41575 Add global action to get_template_part Themes 4.9 normal normal Awaiting Review enhancement new 2017-08-06T21:56:45Z 2017-08-07T15:41:25Z "I would like to see
{{{#!php
do_action( ""get_template_part"", $slug, $name );
}}}
in get_template_part. Right now there is no means to track or do any action on every template call. A feature I want to implement in a plugin relies on this to function how I want. As of now I can only get the primary template." pcfreak30
Tickets Awaiting Review 21912 Add return filter to current_theme_supports() Themes 3.4 normal normal Awaiting Review enhancement new has-patch 2012-09-17T18:39:29Z 2015-09-02T01:32:59Z "current_theme_supports() makes it hard for plugins to affect whether a theme supports a certain feature.
The use case I have is that I am building a plugin that utilises bbPress (and soon, BuddyPress)-style template compatibility parts. In those template parts, I display something very, very similar to a post thumbnail or custom header. I want to use the ""Featured Image"" metabox on the Post screen to set that image.
If I use the plugin on a theme that doesn't support post thumbnails, the metabox correctly doesn't appear, and so users have no way of choosing a featured image. While there are ways around this -- manual conditional registering of the Featured Image metabox, creating my own metabox, or calling add_theme_support/remove_theme_support like a toggle -- none of them are particularly elegant.
While current_theme_supports has a return filter, it's not reached by all code execution paths. The attached patch reworks the function so that the return value is always passed through the filter." DJPaul
Tickets Awaiting Review 43697 Add theme update counter in admin theme menu item Themes trunk normal normal Awaiting Review enhancement new has-patch 2018-04-05T09:21:12Z 2018-04-18T04:16:20Z Add theme update counter in admin theme menu item as we show for plugin menu item. mukesh27
Tickets Awaiting Review 41179 Adding get_the_content-filter Themes 4.8 normal normal Awaiting Review enhancement new dev-feedback 2017-06-27T01:14:32Z 2018-04-18T16:57:51Z "Hey there,
atm I cannot replace the content by a custom on, because of missing filter for get_the_content().
Attached a patch for this." Ninos Ego
Tickets Awaiting Review 40842 Adding template filters Themes normal normal Awaiting Review enhancement new dev-feedback 2017-05-22T23:37:08Z 2017-10-23T20:28:21Z "Hey there,
for a plugin I really need filters for modifiing the header, footer and also maybe the sidebar. ATM I cannot change the template files without changing the theme itself because of missing filters.
If you need a description why I need to replace the header and footer, it's just simple: I want to add a functionality that on some pages the header/footer is replaced by a minimal header/footer (e.g. for customers from affiliate networks, shop pages). For a plugin it's not possible without these filters. Customers are forced to modify their theme itself, which is very hard to do for non-devs.
I hope you can implement them as soon as possible (in next WP 4.8).
PS: This is not a security risk, because a plugin also can manipulate the theme itself or use filters to change the general templates (single page...)." Ninos Ego
Tickets Awaiting Review 35696 Allow extra control over CSS Classes in paginate_links() Themes normal normal Awaiting Review enhancement new has-patch 2016-02-02T19:21:18Z 2018-05-15T17:10:36Z "Currently, `paginate_links()` does not allow any flexibility in terms of customizing CSS classes in the outputted HTML.
The idea here is to introduce some degree of control in this area.
This idea rose from the need to implement a pagination component in [https://getbootstrap.com/components/#pagination Bootstrap] and Zurb's [http://foundation.zurb.com/sites/docs/pagination.html Foundation]. As of now, there is no way to implement these components without workarounds / hacks to `paginate_links()`.
Currently, `paginate_links()` lets me output such HTML:
{{{

}}}
This will allow for much more flexibility and less dirty workarounds." maor
Tickets Awaiting Review 38160 Attachment template hierarchy selects generic attachment.php before specific post type templates Themes normal normal Awaiting Review enhancement new needs-unit-tests 2016-09-26T13:29:00Z 2017-10-21T17:36:05Z "When viewing a single attachment at its permalink, the template hierarchy is as follows (using `foo.jpg` as an example).
1. `image-jpeg.php`
2. `jpeg.php`
3. `image.php`
4. `attachment.php`
5. `single-attachment-foo.php`
6. `single-attachment.php`
7. `single.php`
8. `singular.php`
9. `index.php`
Note that the generic `attachment.php` appears higher in the hierarchy than the more specific `single-attachment-foo.php`. This means it's impossible to target a specific attachment if an `attachment.php` file is in place." johnbillion
Tickets Awaiting Review 31956 Check empty title after wp_title_parts. Themes 4.1.1 normal normal Awaiting Review enhancement new 2015-04-13T04:15:46Z 2015-04-13T04:51:09Z "if use ""wp_title_parts"", There is a case in which the number of parts is changed.
So, creating $prefix , I think should check $title_array.
" Toro_Unit
Tickets Awaiting Review 27177 Child themes should inherit parent theme customizer settings on activation / switching Themes 3.8 normal normal Awaiting Review enhancement new has-patch 2014-02-21T20:37:01Z 2018-05-01T18:53:39Z "Currently, if you install a parent theme and utilize the theme customizer, and then create a child theme and live preview or activate it, it does not inherit any of the settings previously set for the parent theme.
If a child theme doesn't have any existing values from the customizer setting, then it should look for and import those from the parent theme if they exist (perhaps on the switch_theme hook).
The current setup is a discouragement to using a child theme if the user has already invested time using the customizer with their parent theme." krogsgard
Tickets Awaiting Review 39836 Display maximum file upload size on theme upload page Themes normal normal Awaiting Review enhancement new dev-feedback 2017-02-10T16:47:09Z 2017-06-25T04:06:02Z "When we click on 'Upload Theme' button, WordPress displays ""If you have a theme in a .zip format, you may install it by uploading it here."" message on /wp-admin/theme-install.php
If we can displays maximum file size in this message, it will really help WordPress users. They will consider increasing upload file size in php.ini instead starting upload and displaying a message ""Are you sure want to do that?"" and if debug is true, they will also see error message." rinkuyadav999
Tickets Awaiting Review 36666 Enhance `remove_theme_support()` so that it can take additional arguments Themes 3.0 normal normal Awaiting Review enhancement new dev-feedback 2016-04-25T18:21:45Z 2018-05-15T17:08:21Z "Sometimes we might need to use the function `remove_theme_support()` to only support specific details of a specific theme feature, in particular it would be useful to be able to remove support for specific post formats or remove post thumbnail support for specific post types (related to #22080 for example).
These checks would need to happen in a `switch` statement, similar to the other theme support functions, and we would need to handle additional arguments.
For example, it should be possible to do `remove_theme_support( 'post-formats', 'video' )` to remove support for the video post format." flixos90
Tickets Awaiting Review 33123 Filter on theme mod default value Themes 4.3 normal normal Awaiting Review enhancement new 2015-07-25T15:56:28Z 2018-04-17T22:59:15Z "For those of us using theme mods for storing theme settings, we often need a method for modifying the default theme mod when building child themes. For example, I might build a Christmas-styled child theme and modify the parent theme's default ""primary"" color to green. The only way this is possible is if the parent theme does something like this:
{{{
$primary = get_theme_mod( 'color_primary', '' );
add_filter( 'theme_mod_color_primary', 'parent_color_primary', 99 );
function parent_color_primary( $hex ) {
return $hex ? $hex : '#00000';
}
}}}
Then, the Christmas child theme can hook in earlier and modify this if needing to change the default like so:
{{{
add_filter( 'theme_mod_color_primary', 'child_color_primary', 10 );
function child_color_primary( $hex ) {
return $hex ? $hex : '#cc0000';
}
}}}
That's kind of a janky way to do things. It'd be far easier to have a filter on the default passed into `get_theme_mod( $mod, $default )`. Something like:
{{{
$default = apply_filters( ""theme_mod_{$mod}_default"", $default );
}}}
In this scenario, the parent theme merely needs to do this:
{{{
$primary = get_theme_mod( 'color_primary', '#000000' );
}}}
And, the child theme:
{{{
add_filter( 'theme_mod_color_primary_default', 'child_color_primary' );
function child_color_primary() {
return '#cc0000';
}
}}}
I'm attaching a patch that will provide this filter hook." greenshady
Tickets Awaiting Review 35052 Filter themes by language translations Themes normal normal Awaiting Review enhancement new 2015-12-13T17:59:39Z 2015-12-16T14:33:09Z "Since themes can now be translated in a fairly easy way, we should incorporate a filter in the WP admin UI that lets the users search only for themes which are translated to their language of choosing.
We should probably agree on a % value treshold after which a theme will show up in the results (likely somewhere around 50% - 70% completion)." eclare
Tickets Awaiting Review 34644 Header Image Tag Filter attributes Themes 4.4 normal normal Awaiting Review enhancement new has-patch 2015-11-10T07:54:28Z 2015-11-10T08:01:03Z I think that should be filter `header_image_attr`. For example if I want add custom class atribute sebastian.pisula
Tickets Awaiting Review 43728 Implements site_enable_theme and site_disable_theme functions in WP_Theme class Themes normal normal Awaiting Review enhancement new needs-unit-tests 2018-04-10T08:21:34Z 2018-04-10T10:16:57Z "In Multisite,
Themes can also be enabled per site, via the Edit Site > Themes area. They are stored in an allowedthemes option (see https://github.com/WordPress/wordpress-develop/blob/master/src/wp-includes/class-wp-theme.php#L1414 for more). When you set a theme for a site, you wouldn't expect it to suddenly work for every network - it only implies you want to have it for the one site.
I think we need to implement methods WP_Theme::site_enable_theme( $stylesheets, $site_id ) and WP_Theme::site_disable_theme( $stylesheets, $site_id ).
We need this enhancement in this ticket : #39318" Mista-Flo
Tickets Awaiting Review 32326 Improve Support for Structured Data Themes normal normal Awaiting Review enhancement new 2015-05-09T14:50:00Z 2018-05-23T19:35:20Z "There has been discussion before on various types of structured data. WordPress has limited support for microformats and it is a long-standing part of WordPress.
New standards for structured data continue to appear, and there have been some proposals in support. However, different people want support for different things. I think there is a solution with more general appeal.
body_class and post_class add classes to the body and post containers.
What if they were superseded by two new functions with a broader scope?
body_attributes and post_attributes which could add any attribute from a provided array into the body and post containers? Most of the structured data works on an attribute of the tags it is attached to, be it class or property or otherwise.
The body_class and post_classes continue to work as they always have.
Newer themes could use the attributes function, which could remove hentry adding by default, for example, and transfer control of structured data back to the theme.
There is also the possibility, if it isn't going too far, of adding a similar function for the content container.
" dshanske
Tickets Awaiting Review 20037 Introduce 'noindex' filter for robots meta tag Themes 3.4 normal normal Awaiting Review enhancement new dev-feedback 2012-02-14T05:01:38Z 2018-04-25T19:14:24Z "As things are right now, themes and plugins add robots meta tag lines by just adding an action to wp_head, with no way of knowing who has added what. Because it is not done as a filter, there is no way to prioritize or alter things.
As far as I can see there are two functions that are hooked to wp_head to add the meta tag for robots, the noindex() and wp_no_robots() function in '/wp-includes/general-template.php'. All noindex() does is look to see if a blog is marked private, then calls wp_no_robots(). In other places, like the signup and login pages, wp_no_robots is manually added.
To help clear up the confusion, we could just call wp_no_robots whenever we need to add a robots meta tag, use wp_no_robots to do some default logic, then allow plugins to filter it depending on where we are.
Working on a quick patch now and will add." MartyThornley
Tickets Awaiting Review 37825 Introduce functions to check whether there are multiple taxonomy terms Themes normal normal Awaiting Review enhancement new needs-unit-tests 2016-08-25T12:33:10Z 2016-09-25T20:08:48Z "We've had a function `is_multi_author()` since version 3.2.0, which is regularly used by themes to check if a site has multiple authors with published posts.
A similar function is often needed by themes for taxonomies (mostly categories), for example the latest default themes have contained a function `*_categorized_blog()`. I think this functionality is essential for several themes, and we can make their lifes easier by providing these functions to them (especially since several theme authors don't really wanna mess with hooks for invalidating transients).
Of course, for backward compatibility a theme should check whether that function exists, and if not, it still needs to take care of things by itself. However, I think this will still be a good solution long-term to include this functionality in WordPress Core." flixos90
Tickets Awaiting Review 37461 Introduce get_the_title_attribute() to wrap the_title_attribute( 'echo=0' ) Themes 4.6 normal normal Awaiting Review enhancement new 2016-07-25T17:10:06Z 2016-07-26T18:37:43Z "the_title_attribute( 'echo=0' ) is ugly and annoying given that all the other the_* template tags have corresponding get_* functions.
Patch adds get_title_attribute() as a simple wrapper function." sillybean
Tickets Awaiting Review 19579 Make get_search_form() more filterable/extensible Themes 3.3 normal normal Awaiting Review enhancement new has-patch 2011-12-16T15:16:17Z 2015-10-08T17:31:57Z "I notice that a lot of the time when Themes include custom search form markup via `searchform.php`, they are making very minor changes to the default markup. (A common on is adding onfocus/onblur attributes to the input.) Unfortunately, I've also noticed that custom search form markup tends to be... forgotten, and ends up becoming more insecure over time.
So, in the interest of encouraging/facilitating use of the core markup, I propose making `get_search_form()` more extensible, similar to the extensibility of `comment_form()`.
This patch replaces `$echo = true` with `$args = array()` as the parameter passed to `get_search_form()`, while retaining backward compatibility with `$echo = true`. Also, a (self-explanatory) `search_form_defaults` filter is added.
Also addresses #16538
Does '''not''' address #16541, which is potentially related.
Probably '''conflicts''' with #14851
Also related: #19321" chipbennett
Tickets Awaiting Review 43597 Modify template-loader engine Themes normal normal Awaiting Review enhancement new 2018-03-21T09:54:15Z 2018-03-26T13:20:39Z "Hi, I think it would be useful if the functionality of the template-loader.php file that determines the template to load were added directly to the template_include filter with priority 1, so that it will be accessible using a function.
I have found the need in some projects in which I load the WordPress core from an external application, since once the core is loaded, it is necessary to include the template_loader.php file and it is not possible just to obtain which would be the template to load (and not ley ir load)." chespir
Tickets Awaiting Review 38942 New filter for header image tag attributes Themes 4.7 normal normal Awaiting Review enhancement new has-patch 2016-11-25T17:45:46Z 2018-05-15T17:09:38Z "There is currently no way to filter the attributes of the header image tag before it is used to build the header image tag HTML in the get_header_image_tag() function.
I've attached a diff to solve this problem by adding a new 'get_header_image_tag_attributes' filter." junaidbhura
Tickets Awaiting Review 33405 "Pagination - use of helip / ""..."" not logic in some cases" Themes 4.2.4 lowest trivial Awaiting Review enhancement new has-patch 2015-08-18T16:40:31Z 2016-12-15T22:07:11Z "Hi there,
I believe there is some improvement potential in the logic of the pagination. The ""..."" indicator does not really serve its purpose, in case you have it only hiding one page link - see attached screenshot.
Would propose to change the function generating the pagination to only use it in case it at least covers 2 page links." th23
Tickets Awaiting Review 40108 Pagination Enhancement wp_link_pages() Themes normal normal Awaiting Review enhancement new 2017-03-11T01:39:00Z 2018-01-25T23:34:23Z "
Current implementation of the function is not well suited for posts containing 10+ pages, this creates usability issues for desktop and especially mobile users. Most popular themes which rely on this built-in function are affected. Popular hosting providers such as Wordpress.com do not allow 3rd party plugins or any enhancements to work around this issue.
'''Example:'''
[[Image(http://i.imgur.com/yqLOfD0.jpg)]]
'''Goal:'''
Provide theme creators posibility to reduce the number of visible page links and enhance CSS theming by wrapping the current page in CSS selectable tag, allowing improved usability on mobile devices and reducing the reliance of wider community on 3rd party plugins or custom code.
'''Solution:'''
Accept additional 'mixed' value for the [next_or_number] parameter and create a helper parameter to control the max number of outputted page links. Wrap the current page in a to allow CSS theming.
The looks/functionality as per the screenshot above can be achieved with only ~20 additional lines of code (below)
It accounts for any edge cases and ensures full backwards compatibility, however, additional testing is needed.
'''Enhanced wp_link_pages Function:'''
{{{#!php
'

' . __( 'Pages:' ),
'after' => '

',
'link_before' => '',
'link_after' => '',
'next_or_number' => 'number',
// new param for controling max link number in 'mixed' mode
'navwidth' => '3', //number of links displayed before and after current page
'separator' => ' ',
'separator' => ' ',
'nextpagelink' => __( 'Next page' ),
'previouspagelink' => __( 'Previous page' ),
'pagelink' => '%',
'echo' => 1
);
$params = wp_parse_args( $args, $defaults );
/**
* Filters the arguments used in retrieving page links for paginated posts.
*
* @since 3.0.0
*
* @param array $params An array of arguments for page links for paginated posts.
*/
$r = apply_filters( 'wp_link_pages_args', $params );
$output = '';
if ( $multipage ) {
if ( 'number' == $r['next_or_number'] ) {
$output .= $r['before'];
for ( $i = 1; $i <= $numpages; $i++ ) {
$link = $r['link_before'] . str_replace( '%', $i, $r['pagelink'] ) . $r['link_after'];
if ( $i != $page || ! $more && 1 == $page ) {
$link = _wp_link_page( $i ) . $link . '';
}
/**
* Filters the HTML output of individual page number links.
*
* @since 3.6.0
*
* @param string $link The page number HTML output.
* @param int $i Page number for paginated posts' page links.
*/
$link = apply_filters( 'wp_link_pages_link', $link, $i );
// Use the custom links separator beginning with the second link.
$output .= ( 1 === $i ) ? ' ' : $r['separator'];
$output .= $link;
}
$output .= $r['after'];
} elseif ( $more ) {
$output .= $r['before'];
$prev = $page - 1;
if ( $prev > 0 ) {
$link = _wp_link_page( $prev ) . $r['link_before'] . $r['previouspagelink'] . $r['link_after'] . '';
/** This filter is documented in wp-includes/post-template.php */
$output .= apply_filters( 'wp_link_pages_link', $link, $prev );
}
/**
*Start of New Code for 'mixed' navigation mode
*/
// Output number of links equal to $navwidth before current page
if ( 'mixed' == $r['next_or_number'] ) {
For ( $i = $page - $navwidth; $i < $page; $i++) {
if ( $i > 0) {
$link = _wp_link_page( $i ) . $r['link_before'] . str_replace( '%', $i, $r['pagelink'] ) . $r['link_after'] . '';
$link = apply_filters( 'wp_link_pages_link', $link, $i );
// Use the custom links separator beginning with the second link.
$output .= ( 1 === $i ) ? ' ' : $r['separator'];
$output .= $link
}
}
// Output current page within tags for enhanced styling capability
if ( $prev ) {
$output .= $r['separator'];
}
$output .= $r['link_before'] . ('') . str_replace( '%', $i, $r['pagelink'] ) . ('') . $r['link_after'];
// Output number of links equal to $navwidth after current page
For ($i = $page + 1; $i <= $numpages; $i++) {
$link = _wp_link_page( $i ) . $r['link_before'] . str_replace( '%', $i, $r['pagelink'] ) . $r['link_after'] . '';
$link = apply_filters( 'wp_link_pages_link', $link, $i );
$output .= $r['separator'] . $link;
}
}
/**
*End of New Code for 'mixed' navigation mode
*/
$next = $page + 1;
if ( $next <= $numpages ) {
if ( $prev ) {
$output .= $r['separator'];
}
$link = _wp_link_page( $next ) . $r['link_before'] . $r['nextpagelink'] . $r['link_after'] . '';
/** This filter is documented in wp-includes/post-template.php */
$output .= apply_filters( 'wp_link_pages_link', $link, $next );
}
$output .= $r['after'];
}
}
/**
* Filters the HTML output of page links for paginated posts.
*
* @since 3.6.0
*
* @param string $output HTML output of paginated posts' page links.
* @param array $args An array of arguments.
*/
$html = apply_filters( 'wp_link_pages', $output, $args );
if ( $r['echo'] ) {
echo $html;
}
return $html;
}
}}}
Let me know if I can further help to get this be pushed into the next release.
Martin
[https://martinshreder.com]
" mshumacher
Tickets Awaiting Review 39239 Persist the video header state between requests Themes 4.8 normal normal Awaiting Review enhancement new 2016-12-11T20:13:46Z 2016-12-11T20:24:52Z "If a visitor pauses the video header, they most likely expect it to remain paused through the duration of their visit. Whether it's paused for accessibility reasons or they just find it distracting, it can be annoying to have it restart on refresh or when returning to the homepage. It can be especially troublesome when the video header is activated for every page on a site.
I've seen it mentioned in a few places, but it would be nice if the paused state was remembered between requests." bradyvercher
Tickets Awaiting Review 41204 Placement of wp_redirect() in template Themes normal normal Awaiting Review enhancement new 2017-06-29T13:15:03Z 2017-07-12T18:32:02Z "It doesn't say on [https://developer.wordpress.org/reference/functions/wp_redirect/ | this page] where in template file should wp_redirect() function be called. If placed in wrong place, there could be created confusion and impression that function doesn't work.
So, it should be placed '''before''' get_header();
In case page is redirected only under certain condition, it would be something like:
{{{
/**
* Redirect only if this condition is met
*/
if ( certain_condition ) {
wp_redirect( $location );
exit;
}
/**
* Otherwise render the page
*/
get_header();
}}}
" milana_cap
Tickets Awaiting Review 38935 Proposition to add the theme mod name as a param to the dynamic theme_mod_{$name} filters Themes normal normal Awaiting Review enhancement new has-patch 2016-11-24T15:07:20Z 2018-04-17T21:48:12Z "Hi !
It would be convenient to be able to target a specific theme mod name when applying the same callback to all theme mods with `add_filter( ""theme_mod_{$name}"", '_my_generic_callback' )`.
Right now we need to extract the theme mod with a code looking like this :
{{{#!php
`) can be inserted with a button that is in the top row of the TinyMCE editor by default. However, it's possible to build a theme where the More Tag has no functionality: a theme that uses `the_excerpt()` on all archive pages, the page for posts, and search results.
It's a bad user experience for WordPress to display a button if it cannot have any effect on the display of content. Therefore, I think the best way to handle this would be to add a new `add_theme_support()` value of `more-tag`. This would still let themes opt-in any time it makes sense, but wouldn't clutter up the editor with pointless buttons." mrwweb
Tickets Awaiting Review 39537 When switching themes, set previous theme mods as autoload = no Themes 4.8 normal normal Awaiting Review enhancement new 2017-01-10T11:20:41Z 2017-01-10T11:20:41Z "When a theme is switched, previous theme mods are yet autoloaded. This will start filling up the autoloaded options list if you change of Theme often. Normally this won't happen often but we had an issue like this in a big multisite where a user had many sites and he switched themes many times and PHP got out of memory when loading the user in wp-admin.
In any case, it's a good idea to:
- Set autoload = no for previous theme mods
- Set autoload = yes again for the new switched theme" igmoweb
Tickets Awaiting Review 41558 create a (reusable) wp_default_admin_scripts Themes 2.6 normal normal Awaiting Review enhancement new 2017-08-03T23:53:48Z 2017-08-07T01:26:31Z "I had to create an admin-like form in the frontend, for guests submitting content.
I needed to provide {{{meta/post-box}}}, {{{autocompletion}}} and needed {{{media-views}}}, {{{wp-color-picker}}}, ...
I thought {{{wp_enqueue_script()}}} would do the trick... until I discovered the {{{ if(is_admin()) }}} inside {{{wp_default_scripts()}}}. I had no other choice than copy/pasting ~210 WP LoC in my own PHP files
Is there a really good reason for reserving all that cool client-side stuff to admin dashboard only?
plugin/themes developers may want to load and use it for good and having all that libs already registered by core is useful.
I suggest:
1. moving all the admin-oriented script into {{{wp_default_admin_scripts()}}} which should be reusable (even if non-admin), and run it if (is_admin).
2. moving all the {{{localize()}}} corresponding to these admin scripts into another {{{wp_default_admin_scripts_settings()}}} function somehow wrapped by {{{if(! is_admin())}}}
3. Document how to correctly bootstrap the dashboard in the frontend and a couple of common gotchas of these scripts (like that ajax-dashboard-pingback feature forcefully pulled as JS-dependencies and which can't be stopped, ...)
" drzraf
Tickets Awaiting Review 36402 front-page.php behavior for child themes Themes normal minor Awaiting Review enhancement new 2016-04-02T08:18:59Z 2018-04-17T22:08:56Z "Currently, if a parent theme has a `front-page.php` template, child theme inherits this too.
I think this should not happen.
On this specific case, I think that a child theme should behave like a parent one.
The attached patch checks:
{{{
if
* A child theme is NOT used
or
* A child theme is being used and includes 'front-page.php'
then
* Load 'front-page.php'
}}}
This allows a child theme to include its own `front-page.php` template or setting the ''front-page'' to a page from the 'Reading' setting." cristovaov
Tickets Awaiting Review 31237 improve get_the_archive_title() with new filter Themes 4.1 normal normal Awaiting Review enhancement new dev-feedback 2015-02-05T08:21:23Z 2018-05-15T17:03:45Z "The new [https://core.trac.wordpress.org/browser/tags/4.1/src/wp-includes/general-template.php#L1134 get_the_archive_title()] function introduces in wordpress 4.1 is very handy but it's very basic.
In some themes we prefer to hide the page prefix (i.e. Category, Tag, ect.).
I was thinking of a boolean parameter/filter in the function to show/hide the prefix.
if true, use:
{{{
__( 'Category: %s' )
}}}
else, use:
{{{
__( '%s' )
}}}
" ramiy
Tickets Awaiting Review 42309 Add page-numbers CSS class to wp_link_pages generated links Themes 4.9 normal normal Awaiting Review feature request new 2017-10-23T01:28:38Z 2018-04-17T20:28:50Z "While creating my own theme, I were annoyed by the differences between the functions wp_link_pages() and the_posts_pagination().
To simplify the styling of the pagination, I would like to suggest some changes to ensure some unification as stated below.
----
For example, equal styling currently works if you use the functions as follows:
{{{#!php
// pagination on singular pages
wp_link_pages (array (
'before' => '',
'after' => '',
'link_before' => '',
'link_after' => '',
));
//pagination on Posts page
the_posts_pagination ();
}}}
Resulting HTML markup
{{{
123

}}}
so this filter is working in term.php. Another thing is that, adding custom columns in edit-terms.php screen forces Screen options to show in term.php.
edit-tags.php
[[Image(http://s32.postimg.org/igwy86u2t/image.jpg)]]
term.php
[[Image(http://s32.postimg.org/7ddc2l8sl/image.jpg)]]" szaqal21
Tickets Awaiting Review 40436 Custom taxonomy terms order lost under wp-admin/post.php edit action for a custom post type Taxonomy 4.7 normal normal Awaiting Review defect (bug) new has-patch 2017-04-13T10:01:40Z 2018-05-11T15:29:06Z "Hi,
I have registered a custom taxonomy (for a custom post type) that supports sorting using the following taxonomy args
{{{#!php
const DEFAULT_ARGS = [
'public' => true, // Make WP function is_tax() working for this custom taxonomy
'show_ui' => true,
'show_in_menu' => true,
'show_in_nav_menus' => false,
'show_tagcloud' => false,
'show_in_quick_edit' => true,
'meta_box_cb' => null, // If null default to WP post_tags_meta_box() in not 'hierarchical' otherwise to post_categories_meta_box() (see WP meta-boxes.php)
'show_admin_column' => true,
'hierarchical' => false,
// 2017-01-25 Seems not to be necessary anymore 'update_count_callback' => 'My_Query_Admin::cb_update_count_callback',
'query_var' => true, // Make WP function is_tax() working for this custom taxonomy
'rewrite' => false,
'capabilities' => [],
'sort' => true, // Need by post terms ordering for M_Post_Type::get_main_term() (https://core.trac.wordpress.org/ticket/5857)
'_builtin' => false,
];
}}}
I used the following args for registering the custom post type
{{{
// Default custom post type arguments
// https://codex.wordpress.org/Function_Reference/register_post_type
const DEFAULT_ARGS = [
'description' => '',
'public' => false,
'exclude_from_search' => true,
'publicly_queryable' => true,
'show_ui' => true,
'show_in_nav_menus' => false,
'show_in_menu' => true,
'show_in_admin_bar' => true,
// 'capability_type' => 'post',
// 'capabilities' => [],
// 'map_meta_cap' => false,
'hierarchical' => false,
'supports' => [
'title',
'editor',
'thumbnail',
'custom-fields',
],
'register_meta_box_cb' => null,
'has_archive' => false,
'rewrite' => false,
'permalink_epmask' => EP_PERMALINK,
'query_var' => true,
'can_export' => false,
'delete_with_user' => false,
'show_in_rest' => false,
// 'rest_base' => $post_type,
// 'rest_controller_class' => WP_REST_Posts_Controller,
// '_builtin' => false,
'_edit_link' => 'post.php?post=%d',
];
}}}
Terms order is well respected using
{{{#!php
wp_get_object_terms($post->ID, $taxonomy, ['orderby' => 'term_order']);
}}}
but when editing post under admin panel, order is lost and reverts always to alphabetical order.
Can anyone confirm that bug or tell me what's wrong for me?
Thanks a lot
" solo14000
Tickets Awaiting Review 41504 Document global variables in dropdown_categories() and dropdown_link_categories() Taxonomy low normal Awaiting Review defect (bug) new has-patch 2017-08-01T07:00:10Z 2017-08-01T12:56:51Z In dropdown_categories() and dropdown_link_categories() function define global $post_ID and $link_id respectivly but it is not mentioned in comment. umangvaghela123
Tickets Awaiting Review 41035 Don't return if WP_Error object return by wp_insert_term() from foreach() loop in wp_set_object_terms() Taxonomy 4.7 normal normal Awaiting Review defect (bug) new 2017-06-13T20:57:30Z 2018-05-02T14:32:39Z "Recently, I'm trying to restrict tag creation for some user roles. I tried with using roles and capabilities but it's not possible. So I hook function to `pre_insert_term` filter which returns WP_Error object if condition match.
{{{
add_action( 'pre_insert_term', 'prevent_terms', 1, 2 );
function prevent_terms ( $term, $taxonomy ) {
if ( 'post_tag' !== $taxonomy ) {
return $term;
}
// Only administrator can create tag.
$allowed_roles = array( 'administrator' );
$user = wp_get_current_user();
if ( ! empty( $user->roles ) && empty( array_intersect( $allowed_roles, $user->roles ) ) ) {
return new WP_Error( 'term_addition_blocked', 'You are not allowed to create new tags.' );
}
return $term;
}
}}}
Now, a restricted user goes to the edit post and trying to assign existing tags to the post and its work fine. But when a user adds a tag which does not exist along with existing tags then existing tags also not assigned to that post. Because `wp_set_object_terms()` function will create new tag if it's not exists and I've return WP_Error object using `pre_insert_term` hook. So once it get WP_Error object then it returns from the `wp_set_object_terms()` function and it's also not execute for other terms.
See https://core.trac.wordpress.org/browser/tags/4.8/src/wp-includes/taxonomy.php#L2237
To complete my functionality I hook into `admin_init` action and remove new tags from $_POST so that remaining existing tags can assign to the post.
I believe, instead of returning, it should continue execution for other terms. Also, I'm not sure whether it's valid use case or not.
So main question is, do we need to return if there is WP_Error while creating term or don't return and continue execution for other terms.
I hope, I'm able to explain it properly. :)
" chandrapatel
Tickets Awaiting Review 37975 Duplicate tag names aren't supported Taxonomy normal normal Awaiting Review defect (bug) new 2016-09-07T20:32:16Z 2016-09-13T06:32:35Z "WP has an inherent requirement on unique tag names, if there are multiple tags with the same name, there is no way to pick which tag to assign.
Repro steps:
Create three tags
name = test, slug = test-1
name = test, slug = test-2
name = test, slug = test-3
Open the post editor and try and search for test, you will have three tags with the name test, if you try and add more than 1, you will not be able to pick which of the three you're assigning.
The search: /wp-admin/admin-ajax.php?action=ajax-tag-search&tax=post_tag&q=test
will only return tag names, and those are used to assign the tag to a post.
wp_insert_posts() calls:
{{{#!php
if ( isset( $postarr['tags_input'] ) && is_object_in_taxonomy( $post_type, 'post_tag' ) ) {
wp_set_post_tags( $post_ID, $postarr['tags_input'] );
}
}}}
https://core.trac.wordpress.org/browser/tags/4.6.1/src/wp-includes/post.php#L3238" ivankk
Tickets Awaiting Review 41594 Edit tag form limited to 800px width Taxonomy 4.8.1 normal normal Awaiting Review defect (bug) new has-patch 2017-08-09T15:27:23Z 2017-09-03T09:47:50Z "In taxonomy edit page the form width is limited to 800px by css. Many space was lost on large screens.
The bug seam come from wp-admin/css/edit.css at line 1095 and appear since WP 4.8.1 (work correctly on previous version)
[[Image()]]" fabienlege
Tickets Awaiting Review 36610 Loss of multibyte category and tag names Taxonomy normal normal Awaiting Review defect (bug) new 2016-04-20T22:40:40Z 2016-06-14T13:31:09Z "Some multibyte category and tag names can be lost during creation.
Example: create a category with the name `ﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃAAA`. It is 201 bytes long and will be truncated by `$wpdb->strip_invalid_text_for_column()` to 200 bytes (`ﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃAA`) before the category is created.
However, the category name `AAAﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃﾃ` is also 201 bytes, but when it is truncated to 200 bytes, it splits a multibyte character, so when `wp_check_invalid_utf8()` gets called, it will truncate the string to zero bytes out of an abundance of caution, since the string ends with something that is not valid utf8.
It's clear that the category creator was not submitting invalid utf8, and the true goal of `$wpdb->strip_invalid_text_for_column()` was to ensure that the text would fit in the DB column without auto-truncation by the DB engine, so the ideal behavior should be that the string is truncated to the longest possible length that remains valid and fits within the column.
One way to get around this data loss would be a wrapper around `wp_check_invalid_utf8()`. If `wp_check_invalid_utf8()` fails, chop a single byte off the end of the string and check it again, up to the point where you have checked the string without the last five bytes (as I believe that the longest a single character can be is six bytes, although I'm not positive about that and I think anything longer than four bytes is mostly theoretical). Or, fix `$wpdb->strip_invalid_text_for_column()` so that it doesn't truncate in the middle of a multibyte character.
There might be a solution lurking in mb_strlen(). If `wp_check_invalid_utf8()` returns an empty string, take bytes off of the original string (up to 5 bytes) until `mb_strlen()` returns a smaller number and then try `wp_check_invalid_utf8()`.
Configuration details: Tested in WordPress trunk (4.5-RC1-37153) and PHP 5.2.17
Here's my `wp_terms` structure:
{{{
CREATE TABLE `wp_terms` (
`term_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(200) NOT NULL DEFAULT '',
`slug` varchar(200) NOT NULL DEFAULT '',
`term_group` bigint(10) NOT NULL DEFAULT '0',
PRIMARY KEY (`term_id`),
KEY `slug` (`slug`(191)),
KEY `name` (`name`(191))
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
}}}
See #36393 for discussion of a similar (but now-fixed) bug." cfinke
Tickets Awaiting Review 32788 Moving sublevel menu item still opens the dropdown menu in the original location. Taxonomy normal normal Awaiting Review defect (bug) new 2015-06-25T10:45:33Z 2015-06-25T10:45:33Z "This is a follow-up to #13560.
Removing a sublevel admin menu item and then adding it to another existing top level menu item will still open the moved menu item in its original location.
" paaljoachim
Tickets Awaiting Review 37518 New term.php is showing warning for rearranged columns using manage_{$screen->id}_columns filter Taxonomy 4.5 normal normal Awaiting Review defect (bug) new 2016-07-29T19:41:29Z 2016-07-29T20:01:10Z "== Main Issue: ==
Declared custom column and sorted them using `unset()` for my Custom Taxonomy for CPT:
{{{#!php
tag1 will be in the results
4)search for tags using ""سلج1"" phrase => تاج1 will '''not''' be in the results
I have done the previous steps in a fresh installation of WordPress.
" ehabsan
Tickets Awaiting Review 11531 Some taxonomy names should be disallowed ryan Taxonomy 2.9 normal normal Awaiting Review defect (bug) reopened dev-feedback 2009-12-20T14:30:46Z 2016-06-03T14:23:59Z "I haven't tested, but can't we can get all sorts of weird bugs (some of which could have potential side effects in the security department) if a term taxonomy is called users, userlogins, posts, etc.?
the reason are lines such as:
{{{
wp_cache_add($term->term_id, $term, $term->taxonomy);
}}}
" Denis-de-Bernardy
Tickets Awaiting Review 40757 Standardize Application of 'the_category' Filter Taxonomy 4.7.4 normal normal Awaiting Review defect (bug) new 2017-05-13T21:32:30Z 2017-05-13T21:32:30Z "According to the [https://developer.wordpress.org/reference/functions/get_the_category_list/ Code Reference], application of 'the_category' filter passes three parameters (line 210). There are a number of instances in core where only the first parameter is passed. This causes PHP warnings to be issued when plugin or theme code that hooks 'the_category' asks for more than the first parameter to be passed when their callback is added. For example {{{add_filter('the_category', 'add_class_to_category', 10, 3 );}}}
All applications of this filter in core should comply with documentation by passing all three of the documented parameters, even if it is just the default empty string. Granted, plugin and theme devs can prevent the warning by providing default parameter values for their callback function or by conditionally adding their callback only when {{{!is_admin()}}}, but many people using this filter are not experienced developers, they are site owners tweaking their installation using very minimal PHP skills. They are not capable of adapting to situations that do not match the provided documentation. Core code should consistently comply with the provided documentation.
Alternately, update documentation to clearly indicate the two additional parameters are optional. For the reasons just mentioned, documentation would need some good examples for how to avoid PHP warnings. Given people's propensity to not read documentation, I'm not convinced this is a good alternative. If it is the chosen direction Trac #[ticket:39130] may be related.
For reference, the documented application of 'the_category' that passes three parameters is in the declaration for [https://core.trac.wordpress.org/browser/tags/4.7.4/src/wp-includes/category-template.php#L205 get_the_category_list()]. (Also at lines 135 and 151)
Locations that only pass one parameter (which are all other applications in core):
source:tags/4.7.4/src/wp-admin/includes/class-walker-category-checklist.php#L99
source:tags/4.7.4/src/wp-admin/includes/class-walker-category-checklist.php#L106
source:tags/4.7.4/src/wp-admin/includes/template.php#L217
source:tags/4.7.4/src/wp-admin/includes/template.php#L258
source:tags/4.7.4/src/wp-admin/edit-tags.php#L540
4.7.4 references are from my initial research, the included patch is for changeset:40663.
Props to @biellebrunner and @csloisel for bringing attention to this in the [https://wordpress.org/support/topic/missing-argument-2-on-a-custom-function/ Forums].
" bcworkz
Tickets Awaiting Review 42104 Tax query transformations unintentionally filtered by 'terms_clauses' Taxonomy 4.9 normal normal Awaiting Review defect (bug) new has-patch 2017-10-05T09:32:39Z 2017-10-05T09:36:03Z "Since [40918] tax queries are transformed using `WP_Term_Query`. That's nice because the previously uncached query is now cached.
This however raises a backward compatibility issue as all existing filters applied to a term query are now unintentionnally applied to the tax query transformation.
The same kind of issue was raised by [38667], when the usage of `WP_Term_Query` was introduced in `wp_get_object_terms()`. However in this latest case, the unique presence of `$args['object_ids']` in the arguments, not interpreted by `WP_Term_Query`, allows to differentiate term queries fired `wp_get_object_terms()`. There is no such unique argument which could serve the same purpose for the tax_query transformation.
I suggest to add a dummy parameter to the arguments of the query which would not be interpreted by the core and would only be useful to plugins to distinguish this query from others.
" Chouby
Tickets Awaiting Review 42522 Terms are uselessly counted when saving a post Taxonomy 3.3 normal normal Awaiting Review defect (bug) new has-patch 2017-11-12T17:37:07Z 2017-11-13T08:50:10Z This occurs even when terms have not been modified and when the post status has not changed. This is due to `_update_term_count_on_transition_post_status` not checking if the post status has been modified. Chouby
Tickets Awaiting Review 43743 Terms list table should be full width when user cannot edit terms Taxonomy normal minor Awaiting Review defect (bug) new has-patch 2018-04-12T07:31:19Z 2018-04-13T14:43:05Z "The `edit-tags.php` screen is split into two columns. On the left hand side is a form to create new terms, on the right hand side is the list of existing terms.
Now, the form is only visible if the user has the `edit_terms` capability for the current taxonomy. If they don't, the left column is simply empty.
Instead of wasting this space, I'd suggest to make the list table take the full width of the screen instead of residing at the right side.
Unfortunately this can't be yet achieved using CSS alone because `#col-left` isn't empty as it contains a `.col-wrap` div.
If we'd move the `current_user_can( $tax->cap->edit_terms )` check outside `.col-wrap` or even `#col-left`, we could use something like `#col-left:empty #col-right { float: none; width: 100% }`" swissspidy
Tickets Awaiting Review 35292 Terms: get_terms by name mismatches emoji Taxonomy 4.2 normal normal Awaiting Review defect (bug) new 2016-01-03T06:41:42Z 2016-01-07T04:56:34Z "When assigning emoji-named terms to a post, it appears the post processing will match some emoji characters incorrectly. So far, it appears it occurs within get_terms.
Steps to duplicate:
Write a post and attempt to add two flag emoji (e.g. Mexico and Germany) as individual tags.
Expected: Both terms are assigned.
Actual: Only one.
Another method: Create two tags of just the two flags, then assign the second one created. The first one created will be assigned instead.
It doesn't happen for all emoji, but I didn't isolate if it by plane, etc." kraftbj
Tickets Awaiting Review 41882 Walker_CategoryDropdown does not wrap options inside HTML select element with wp_list_categories Taxonomy 4.8.1 normal normal Awaiting Review defect (bug) new has-patch 2017-09-14T14:57:49Z 2017-09-14T15:25:32Z "If I use `Walker_CategoryDropdown()` class to build a dropdown list with `wp_list_categories` function, the output does not get wrapped inside `` element. The rendered output is like this:
{{{

Comedy

Sci-Fi

}}}
when it should be like
{{{
}}}
In order to achieve this we can add an additional parameter `html_wrapper_element` in `wp_list_categories` function and pass a value `dorpdown` in the argument like:
{{{#!php
'movies_taxonomy',
'walker' => new Walker_CategoryDropdown(),
'hide_empty' => false,
'html_wrapper_element' => 'dropdown'
);
wp_list_categories($args);
?>
}}}
and in `wp_list_categories` we add this before the $html gets returned from the function.
{{{#!php
' . $html . '';
}
if ( $r['echo'] ) {
echo $html;
} else {
return $html;
}
}}}
" subrataemfluence
Tickets Awaiting Review 36428 Weird default value of option 'default_link_category' Taxonomy 3.5 normal normal Awaiting Review defect (bug) new 2016-04-06T15:15:19Z 2016-04-06T15:15:19Z "The option `default_link_category` has value `2` after installing WordPress. It makes no sense since 3.5.
Generally, it's not a big problem, but we check referential integrity in our plugin and this fails because there's no `term_taxonomy` with ID `2`.
" JanVoracek
Tickets Awaiting Review 39754 `_post_format_get_terms()` can overwrite names of terms in other taxonomies Taxonomy normal normal Awaiting Review defect (bug) new has-patch 2017-02-01T03:19:35Z 2017-02-22T02:05:56Z "`_post_format_get_terms()` filters `'get_terms'` and includes this logic:
{{{
if ( in_array( 'post_format', (array) $taxonomies ) ) {
if ( isset( $args['fields'] ) && 'names' == $args['fields'] ) {
foreach ( $terms as $order => $name ) {
$terms[$order] = get_post_format_string( str_replace( 'post-format-', '', $name ) );
}
}
...
}}}
which affects the names of all `$terms`, as long as `post_format` was one of the queried taxonomies. Many terms are replaced with an empty string from `get_post_format_string()`.
The attached patch includes a test to demonstrate the issue, and it would check before changing a value that the value begins with `post-format-` and that `get_post_format_string()` returns a name for the value.
" dlh
Tickets Awaiting Review 39678 "get_term_by slug with ""0"" as value" Taxonomy 4.7 normal normal Awaiting Review defect (bug) new 2017-01-24T15:48:34Z 2017-01-24T15:48:34Z "Executing this code
get_term_by('slug','0','taxonomy_name')
my expectations were to obtain a taxonomy term, considering that one actually exists in my database, but instead the function returned false due to the PHP empty function returning true (see https://core.trac.wordpress.org/browser/tags/4.7/src/wp-includes/taxonomy.php#L844).
The empty function behaves according to documentation (http://php.net/manual/en/function.empty.php) but the string ""0"" should be accepted to be searched if it is possible to use it to create a taxonomy term." fausonealessio
Tickets Awaiting Review 41813 get_terms is hiding taxonomies that are not empty Taxonomy 4.8.1 normal normal Awaiting Review defect (bug) new 2017-09-06T13:14:20Z 2017-09-11T13:55:11Z "I have created a custom taxonomy for media type contents which has three terms in it. All terms have at least one image (media) associated to it. When I use the following code:
{{{#!php
'media_content_category',
'hide_empty' => true
));
foreach($terms as $term) {
echo $term->name . '';
}
}}}
it only displays one taxonomy when there should be all of them as no taxonomy is ""empty"".
'''NB: All plugins are deactivated during test.'''" subrataemfluence
Tickets Awaiting Review 32993 get_terms with child_of only works with uninterrupted hierarchies DrewAPicture* Taxonomy 4.2.2 normal normal Awaiting Review defect (bug) accepted 2015-07-14T13:00:45Z 2017-09-23T23:53:42Z "Similar to #14477 -
If I use `get_terms()` with both search and child_of, the filtered results are passed to `_get_term_children()`, and if those results don't include an uninterrupted heirarchy, it returns an empty array. Something like...
{{{
get_terms(array(
'search'=>$search_term,
'child_of'=>6
));
}}}
won't return grandchildren of 6 that match `$search_term`." eclev91
Tickets Awaiting Review 37728 hide_empty doesn't work correctly in get_terms when no taxonomy specified Taxonomy 4.5 normal normal Awaiting Review defect (bug) new needs-unit-tests 2016-08-19T00:42:03Z 2016-08-19T07:55:29Z "In #35495, the taxonomy argument to `get_terms` was made optional. Calling get_terms without specifying a taxonomy will return terms from all taxonomies.
However, if taxonomy isn't provided, hide_empty (when true, as per default) does not work correctly. Parent terms which are empty themselves but have nonempty child terms are not returned.
You can replicate this by creating an empty category with non-empty child categories. Using:
`get_terms()` - won't include the category
`get_terms(array('taxonomy'=>'category'))` - will include the category
`get_terms(array('taxonomy'=>array('category','post_tag')))` - will include the category
This is caused by the `get_terms` function in `WP_Term_Query`. `$has_hierarchical_tax` gets set to true if a single hierarchical taxonomy is passed, or multiple taxonomies with at least one hierarchical. However, if no taxonomies are passed, this never gets set to true.
In this case it should be set to true, since it will at minimum include the in-built `category` taxonomy." smerriman
Tickets Awaiting Review 35504 response to adding data to taxonomy shows in a wrong place Taxonomy 4.4.1 normal normal Awaiting Review defect (bug) new 2016-01-17T22:55:55Z 2016-01-17T22:55:55Z "Hello,
i created a custom taxonomy and when i try to add an item, item will be successfully add but response from ajax request to add this data show's in wrong place and the table not getting updated. response data showing as the message value instead. i toke screenshot.
and i tested my codes and wordpress healthy time and time over. I'm Sure it's core bug.
[[Image(http://uupload.ir/files/kuv1_bug.jpg)]]" ehsanaghaei
Tickets Awaiting Review 40291 subcategory pagination no run Taxonomy 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-29T02:55:51Z 2017-03-29T21:46:18Z "I can use the subcategory as directory in the url:
example.com/sub-category/
But example.com/sub-category/page/2/
Give me error 404
But example.com/Category/sub-category/page/2/
Run OK" Guillermo77
Tickets Awaiting Review 39926 wp_get_object_terms should return WP_Error on wrong fields argument or use a sane default Taxonomy normal normal Awaiting Review defect (bug) new dev-feedback 2017-02-21T13:40:52Z 2017-04-14T09:44:53Z "wp_get_object_terms( $object_ids, $taxonomies, $args ) accepts object_ids, taxonomies and as last option extra arguments as an array. One of the extra arguments in the $args array is the fields option.
I used the field value 'term_id' (erroneously) assuming this would return the term_ids. However this did not work. wp_get_object_terms returned an empty array and in my error log I noticed this SQL error message:
{{{
WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id ' at line 1 for query SELECT FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id INNER JOIN wp_term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ('product') AND tr.object_id IN (449, 427) ORDER BY t.name ASC
}}}
After consulting the source of the wp_get_object_terms I noticed that 'term_id' is not a valid fields value. However I would have expected wp_get_object_terms() to return a WP_Error object instead of creating erroneous SQL code.
The following are valid field option values:
* all - Default : all matching term's objects will be returned
* ids : term's ids will be returned
* names : term's names will be returned
* slugs : term's slugs will be returned
* all_with_object_id : all matching term's objects will be returned
* tt_ids : term's taxonomy's ids will be returned
[https://codex.wordpress.org/Function_Reference/wp_get_object_terms See wp_get_object_terms() docs on the Codex]
=== Proposed solution
Due to [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-term-query.php#L581 this switch statement] invalid or an empty fields value will result in an empty SELECT SQL query in this [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-term-query.php#L650 codeblock]
My proposal is to add a default clause to the [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-term-query.php#L581 switch statement] which defaults to using the 'all' case value.
This seems to adhere to the functionality as well as the spirit of the rest of the WP_Term_Query class code. As far as I know it should be backwards compatible as well. " BjornW
Tickets Awaiting Review 35385 Able to get raw content by calling get_the_archive_description Taxonomy normal normal Awaiting Review enhancement new 2016-01-09T12:07:00Z 2016-04-05T06:19:52Z "Calling the '''get_the_archive_description''' the content will be passed to some filters by the '''sanitize_term_field''' function, one of them is wpautop.
To add some class to the p tag the only way is to perform a preg_replace but that can create issue with other callbacks hooked into 'get_the_archive_description'.
Would be great to have a param like $context as the '''get_term_field''' has to able to pass '''raw''' and retrieve only the text. " wido
Tickets Awaiting Review 38843 Add filter for post statuses in _update_post_term_count() Taxonomy 4.7 normal normal Awaiting Review enhancement new has-patch 2016-11-17T19:17:56Z 2016-11-21T14:54:54Z "`_update_post_term_count()` is hard-coded to only use the 'publish' status when updating the post count for a term. The lack of a filter here does not allow the term count to include other post statuses (or custom post statuses) in situations where the user would like the term count to reflect the other statuses.
Example of using proposed patch to allow 'future' status to be included in Category term count.
{{{
add_filter( 'update_post_term_count_statuses', function( $post_statuses, $taxonomy ) {
// Allow future statuses to be counted for Category post count.
if ( 'category' === $taxonomy->name ) {
$post_statuses[] = 'future';
}
return $post_statuses;
}, 10, 2 );
}}}
" GunGeekATX
Tickets Awaiting Review 36978 Add pre filter to get_term_by Taxonomy normal normal Awaiting Review enhancement new needs-unit-tests 2016-05-30T22:25:13Z 2016-05-30T22:26:08Z Like other get get_*_by functions the get_term_by should have a pre filter. This filter should specially be useful to short-circuit the default logic, perhaps to add caching. spacedmonkey
Tickets Awaiting Review 42765 Add the filter to the taxonomy metabox when editing a post Taxonomy 4.9.1 normal normal Awaiting Review enhancement new 2017-12-01T10:41:15Z 2017-12-01T13:00:18Z "The filter (`default_term_id`) is needed to set a default term in the custom taxonomy for custom post type.
File: '''/wp-admin/includes/meta-boxes.php''', Line: 542
{{{

-all"" class=""tabs-panel"">
""; // Allows for an empty term set to be sent. 0 is an invalid Term ID and will be ignored by empty() checks.
?>

}}}
" mihdan
Tickets Awaiting Review 42253 Adjust the inline docs for register_taxonomy() and WP_Taxonomy::set_props() Taxonomy 4.7 normal normal Awaiting Review enhancement new has-patch 2017-10-17T18:13:57Z 2018-01-05T16:09:26Z "The {{{register_taxonomy()}}} is a wrapper for a {{{WP_Taxonomy}}} object.
To avoid duplication, we should adjust the inline documentation for that function.
It looks like the {{{WP_Taxonomy::set_props()}}} method should contain the main documentation.
Similarly one can check out the documentation of the {{{get_posts()}}} function, that's a wrapper for a {{{WP_Query}}} object.
Reference:
{{{WP_Taxonomy::set_props()}}}
https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/class-wp-taxonomy.php#L249
{{{register_taxonomy()}}}
https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/taxonomy.php#L371
{{{get_posts()}}}
https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/post.php#L1646
" birgire
Tickets Awaiting Review 39835 Category slug could be auto-generated with ability to update manually Taxonomy 4.7.2 normal normal Awaiting Review enhancement new 2017-02-10T14:10:59Z 2017-02-10T14:13:09Z Like adding a post, when category is created from Post > Category, if a default slug could be auto generated from title here as well with the ability to edit that would be time saving and helpful. subrataemfluence
Tickets Awaiting Review 36399 Change function signature of `wp_count_terms()` to be compliant with recent `get_terms()` changes Taxonomy 4.6 normal normal Awaiting Review enhancement new has-patch 2016-04-01T15:32:06Z 2016-04-05T07:35:27Z "In #35495 the `$taxonomy` parameter of `get_terms()` was made optional, thus changing the function signature to the first parameter being the `$args` array where the taxonomy (if needed) could then be added to.
This ticket is about changing the signature of `wp_count_terms()` in a similar manner. This will bring more consistency and it will also allow to count all terms entirely (if no taxonomy is provided)." flixos90
Tickets Awaiting Review 34752 Confirmation for bulk delete on tax terms Taxonomy 4.4 normal normal Awaiting Review enhancement new 2015-11-20T13:20:07Z 2015-11-20T13:20:07Z After 6 years (see #11183), nothing has changed: neither Undo capability nor trash for deleted terms. In my opinion, the confirmation on bulk action seems a good idea. So, if someone likes to reopen discussion, I attach a patch to enable it on categories, tags and custom taxonomies. eventualo
Tickets Awaiting Review 34932 Custom Field meta box in Taxonomy Term after WP 4.4 Taxonomy 4.4 normal normal Awaiting Review enhancement new 2015-12-09T12:10:34Z 2015-12-24T11:09:57Z "As WordPress 4.4 takes Taxonomy Term Meta, it's a huge leap. Kudos to the team's effort.
But as in Add New Post/Add New Page contains an additional meta box named ""Custom Fields"" for adding data into the `postmeta` table, taxonomy term, not even in default taxonomy term contains any of such meta box. So the `termmeta` table becomes writable only by the Programmers and the programmers only. But using Custom Fields meta box a general user can use the `postmeta` table.
Screenshot 1: Enabling Custom Field Meta Box in Add New Post page
Screenshot 2: Add New Post's Custom Field Meta Box
Screenshot 3: Term doesn't contain any of such Meta Box
So the only option remains to a developer is to add necessary fields using hooks - the old method.
Can we add ""Custom Fields"" meta box for taxonomy terms too?" wzislam
Tickets Awaiting Review 35250 "Enable developer to omit ""internal"" taxonomies from return value of get_taxonomies()" Taxonomy normal normal Awaiting Review enhancement new needs-docs 2015-12-29T04:44:13Z 2016-01-25T21:42:20Z "I frequently use one or two taxonomies in a project that users should never see, but plugins that use the `get_taxonomies()` function are able to display my internal taxonomies to users. ` get_taxonomies()` does not filter for `show_in_nav_menu` or `show_in_nav_menu` _(and probably should not.)_ so I can't correct this proactively. Thus I would like to be able to filter out my internal taxonomies so they will be invisible to plugins and themes.
I am uploading a patch that adds a `'get_taxonomies'` filter for this.
Another option would be to introduce a `'internal'` property at taxonomy registration and then filter for that being `false` in `get_taxonomies()` and probably elsewhere, or introduce the idea of underscore prefixed taxonomies being hidden.
Any of those would work for me. Thanks in advance for considering.
" MikeSchinkel
Tickets Awaiting Review 31483 Improve UI to change Default Category Taxonomy normal normal Awaiting Review enhancement new 2015-02-27T22:51:49Z 2016-05-05T16:43:25Z "Spun off of #26268 per chat with @helen https://wordpress.slack.com/archives/core/p1424923581006944 #26268 will focus on UI indicating Default Category.
Currently, to change the Default Category, you must visit Settings->Writing. Since this only impacts one taxonomy, it may make more sense to remove the option from there and add it within the Category taxonomy.
Attaching modified patch of #26268 that contains only the UI to set the default." kraftbj
Tickets Awaiting Review 33585 Improve wp_list_categories to support multiple taxonomies Taxonomy 4.4 normal normal Awaiting Review enhancement new 2015-08-28T09:43:16Z 2015-08-28T09:43:51Z "Hi folks, I was working on a plugin feature request and from what I see it's not possible to pass an array on the `taxonomy` param from `wp_list_categories`, which prevents multiple taxonomies to be fetched at once.
I wanted to know if I can work on this ""enhancement"" for version 4.4, should be an easy modification since `get_terms` is an easy replacement for `get_categories`." bordoni
Tickets Awaiting Review 43271 Issue with term duplicate check in wp_insert_term Taxonomy 4.9.4 normal normal Awaiting Review enhancement new 2018-02-09T16:31:38Z 2018-02-09T16:31:38Z "In WPML, we assume that a term can be duplicated in the same taxonomy in a secondary language. This means that it will have the same 'slug' as the one in the primary language.
Here's a practical example of 2 term links from the same taxonomy with the same slug:
- http://example.org/city/paris/
- http://example.org/fr/city/paris/
In `wp_insert_term` we have several checks to ensure that a term is unique in its taxonomy. All these checks can be overpassed with the standard WP API '''except the last one''' which makes a direct call to the database:
{{{
/*
* Sanity check: if we just created a term with the same parent + taxonomy + slug but a higher term_id than
* an existing term, then we have unwittingly created a duplicate term. Delete the dupe, and use the term_id
* and term_taxonomy_id of the older term instead. Then return out of the function so that the ""create"" hooks
* are not fired.
*/
$duplicate_term = $wpdb->get_row( $wpdb->prepare( ""SELECT t.term_id, tt.term_taxonomy_id FROM $wpdb->terms t INNER JOIN $wpdb->term_taxonomy tt ON ( tt.term_id = t.term_id ) WHERE t.slug = %s AND tt.parent = %d AND tt.taxonomy = %s AND t.term_id < %d AND tt.term_taxonomy_id != %d"", $slug, $parent, $taxonomy, $term_id, $tt_id ) );
if ( $duplicate_term ) {
$wpdb->delete( $wpdb->terms, array( 'term_id' => $term_id ) );
$wpdb->delete( $wpdb->term_taxonomy, array( 'term_taxonomy_id' => $tt_id ) );
$term_id = (int) $duplicate_term->term_id;
$tt_id = (int) $duplicate_term->term_taxonomy_id;
clean_term_cache( $term_id, $taxonomy );
return array( 'term_id' => $term_id, 'term_taxonomy_id' => $tt_id );
}
}}}
The above data validation is only performed in `wp_insert_term` and not in `wp_update_term` which makes the data validation inconsistent between the two function. This also allowed us to demonstrate that two terms with the same slug can live together in the same taxonomy.
As a suggestion, this last check could be either:
- '''removed''': since we already have several checks before and it's not performed when a term is updated.
- '''filterable''': by using `get_term_by` to fetch the potential existing term, or having a specific filter hook (e.g. `wp_bypass_term_duplication_check`)." strategio
Tickets Awaiting Review 40761 Make Walker_Category::start_lvl more flexible by introducing filters for class name(s) at least Taxonomy normal normal Awaiting Review enhancement new has-patch 2017-05-14T13:24:12Z 2017-05-15T16:31:15Z "
Related: #36163, #40359, #40666, #40760
We should harmonize the filters available in the 3 main `Walker` classes." pbiron
Tickets Awaiting Review 39406 Make callback_args filterable in WP_Terms_List_Table Taxonomy 4.7 normal normal Awaiting Review enhancement new 2016-12-27T15:25:23Z 2016-12-27T15:25:23Z "The callback_args variable is specific to the WP_Terms_List_Table class. It defines a set of core variables that are passed to the get_terms function, and thereby to the generated WP_Term_Query instance.
They can't be modified so restricting the default terms displayed to the paginated display of all terms for that post-type / taxonomy association.
The reason for this enhancement request is to easily allow the development of drill-down filtering for custom columns, which are added via the filters:
{{{
add_action( 'manage_edit-{$taxonomy}_columns', 'add_column' );
add_action( 'manage_{$taxonomy}_custom_column', 'add_column_content, 10, 3 );
// Add the meta data column sortable
add_filter( 'manage_edit-{$taxonomy}_sortable_columns', 'add_column_sortable' ] );
}}}
It is possible to do this at a lower level in get_terms - from 4.6 at least - using the 'pre_get_terms action' and injecting / over-riding the WP_Meta_Query query_vars['meta_query'] value e.g. with:
{{{
add_action( 'pre_get_terms', 'get_terms_meta' );
function get_terms_meta($query) {
// store current query vars
$query_vars = $query->query_vars;
$args = [];
$args['meta_query'] = [
[
'key' => 'meta_key',
'value' => 'meta_value',
'compare' => 'LIKE'
]
];
if ( !empty( $args ) ) {
$query->query_vars = array_merge( $query_vars, $args );
}
}
}}}
That requires a deep understanding of core funtions - as well as some core digging! It would be much more flexible if there was an entry point filter that could be used to modify the get_terms args to manipulate by custom field, e.g.
{{{
add_filter( 'manage_edit-{$taxonomy}_column_filter', 'column_filter' );
function column_filter( $args ) {
// conditions met e.g. $_GET['meta_key']
$args['meta_query'] = [
[
'key' => 'meta_key',
'value' => 'meta_value',
'compare' => 'LIKE'
]
];
return $args;
}}}
The column field value could be modified to add the query arg for the meta_key via the column filter detailed earlier.
I've hacked it in a test version of the class and it's pretty functional.
{{{
$args = array(
'search' => $search,
'page' => $this->get_pagenum(),
'number' => $tags_per_page,
);
}}}
to
{{{
$args = array(
'search' => $search,
'page' => $this->get_pagenum(),
'number' => $tags_per_page,
);
$args = apply_filters( 'manage_edit-' . $this->screen->taxonomy .'_column_filter, $args );
}}}
Thanks
" tifosi
Tickets Awaiting Review 38280 Make term count for a specific object type available Taxonomy 4.7 normal normal Awaiting Review enhancement new has-patch 2016-10-10T21:54:15Z 2018-03-06T18:50:28Z "Term count is the total number of relationships with no context of the object types the relationships belong to.
Currently, the best way to determine the count of a term for a specific object type is to run a `WP_Query` with a `WP_Tax_Query` for that term.
{{{#!php
$term_count_query = new WP_Query( array(
'post_type' => 'some-post-type',
'tax_query' => array(
array(
'taxonomy' => 'some-taxonomy',
'field' => 'slug',
'terms' => array( 'term-slug' )
),
),
'posts_per_page' => 1,
) );
$term_count_for_post_type = $term_count_query->found_posts;
}}}
Now that term meta is in core, it would be great if these counts were stored in term meta for easy access.
To start, these counts could be available through a function. To go a step further, an argument could be added to `get_terms()` and other functions to filter the term counts and reflect the object types terms are being grabbed for." desrosj
Tickets Awaiting Review 44088 Merged two if into single Taxonomy trunk normal normal Awaiting Review enhancement new has-patch 2018-05-15T11:09:22Z 2018-05-15T11:09:22Z In `get_the_term_list` function there is no need to check with two if conditions. As at line `1246` of the same file inside `get_the_terms` function it is returning `false` when the `$terms` is empty then there is no need to check it again in `get_the_term_list` I think. rnaby
Tickets Awaiting Review 41878 No way to change the order of fields for taxonomy meta Taxonomy 4.8.1 normal normal Awaiting Review enhancement new 2017-09-13T22:27:26Z 2017-09-13T22:27:26Z There is currently no way to position any fields inserted with {$taxonomy}_add_form_fields or {$taxonomy}_edit_form_fields. Any fields added always appear after the description field with no way to insert them anywhere else in the form. ralphonz
Tickets Awaiting Review 41702 Slug for Category or Tag should be generated automatically Taxonomy 4.8.1 normal normal Awaiting Review enhancement new has-patch 2017-08-22T14:16:02Z 2017-08-22T16:40:15Z "When adding a Category or Tag in admin, Slug generation should be automated based on category / tag name entered in Name box and Slug box would be populated with it.
Advantages:
(1) user won't have to type in the slug by hand, hence saves time
(2) will minimize the typographic error.
The slug box will remain editable and users still have the ability to change slug if required.
Core file: `wp-admin/edit-tags.php`
Script added under `line 581`" subrataemfluence
Tickets Awaiting Review 42937 Success Message should display on insertion of new category in Taxonomy page Taxonomy 4.9.1 normal normal Awaiting Review enhancement new has-patch 2017-12-19T13:57:20Z 2018-04-22T17:21:24Z "When we add new category then apart from displaying a new category at the top, there should also display a success message like 'new category added successfully' same as we have in 'Add new post' Page.
[https://www.awesomescreenshot.com/image/3050291/30f92b69674d681274d708ec6d6e472b]
[https://www.awesomescreenshot.com/image/3050289/1e5164792645bf217b32b93d2f33e2bc]
" manishamakhija
Tickets Awaiting Review 40351 Term post re-counts scale poorly, are common and difficult to avoid Taxonomy 4.8 normal normal Awaiting Review enhancement new needs-unit-tests 2017-04-04T01:18:28Z 2017-11-09T13:55:04Z "Under normal conditions whenever a post status transition occurs, `_update_term_count_on_transition_post_status` attempts to completely recalculate the post counts for each term related to the post by re-counting each term's total number of post relationships.. For sites with large term relationship tables, large numbers of total terms and high numbers of terms per post, this recalculation does not scale well and can lead to wp-admin lag (while saving a post for example) or failed queries.
A typical bad scenario looks like this:
Consider a site with a large term_relationship table and a post with (say) 30 terms assigned to it. When that post is updated, an eventual call to `_update_post_term_count` will cause that function to execute 60 total queries on some very large tables. 30 are SELECTs:
`SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type IN ('"" . implode(""', '"", $object_types ) . ""') AND term_taxonomy_id = %d`
(This is actually the hopeful case, since if we need to count attachments too, those are added to the above query via a subselect which probably makes things worse.)
Interspersed among the 30 SELECTs are 30 UPDATEs to the tt table, generated by:
`$wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) );`
One result of all of this can be failed queries -- typically the SELECTs -- and incorrect term post counts. Even more frequently the issue manifests as slow post updating behavior (the lag a user feels while waiting for a post to save or publish.)
We currently provide two mechanisms (besides just unhooking `_update_term_count_on_transition_post_status` entirely and not updating term post counts at all) to do something about this problem. The first is to defer post counts, but this just delays the badness until a later call of `wp_update_term_count`. The second is to define a per-taxonomy custom update callback using `update_count_callback`.
Neither of these mechanisms is intended to improve performance, and both are obscure. It would be better to by default increment or decrement post counts directly in the tt table in response to posts entering or leaving published (or other countable) stati, and reserve complete recalculations for special occasions (such as when a term is edited.) Using this strategy, the 60 total queries in the example above could -- on publish -- be replaced by a '''a single''' query that would look something like:
`UPDATE {$wpdb->term_taxonomy} AS tt SET tt.count = tt.count + 1 WHERE tt.term_taxonomy_id IN ( .... )`
(where the final list is a list of tt_ids.)
This solution is implemented now as a plugin here: https://github.com/Automattic/lightweight-term-count-update.
Patch based on this on the way soon." mattoperry
Tickets Awaiting Review 37310 To get Term Metadata in $term->meta_key Taxonomy normal normal Awaiting Review enhancement new 2016-07-07T16:13:41Z 2016-07-07T16:17:04Z "Like postmeta and usermeta, I'd like to get Term Metadata as a property of a term object.
Would you confirm the attached patch file?
Thank you." minkapi
Tickets Awaiting Review 33841 WP_Dropdown_Categories: Parent Category Optgroups Taxonomy 4.4 normal normal Awaiting Review enhancement new 2015-09-12T11:14:02Z 2015-11-18T05:33:13Z "On a number of occasions I've structured a hierarchical taxonomy with parent > child categories, but have only wanted to be able to select the child categories. An example of this is country > county, or manufacturer > model.
The best way to do this is to set the parent category as an optgroup. wp_dropdown_categories() doesn't handle this through the Walker_CategoryDropdown class.
I would like a new option for the wp_dropdown_categories() function arguments to enable this, for example:
parent_optgroup = true (default, false)
This could either trigger a flow change in the walker class, or the use of an extended class. I'm currently using an override to the walker argument to the function - the codex doesn't advertise this is available, but works:
{{{
$args = array(
....
'hierarchical' => 1,
'taxonomy' => $taxonomy,
'walker' => new Walker_CategoryDropdown_Optgroup
);
wp_dropdown_categories( $args );
}}}
{{{
/**
* Parent level optgroup walker extension
*/
class Walker_CategoryDropdown_Optgroup extends Walker_CategoryDropdown {
var $optgroup = false;
function start_el( &$output, $category, $depth = 0, $args = array(), $id = 0 ) {
$pad = str_repeat(' ', $depth * 3);
$cat_name = apply_filters('list_cats', $category->name, $category);
// set parent optgroup
if (0 == $depth) {
$this->optgroup = true;
$output .= '